I need to use eval() for a JavaScript-based web app I’m building.
The reason for this is that I want to let people write their own functions that get stored as text, and can be re-used on the site when they need to use them another time. Think along the lines of jsFiddle.
The code will either be run and eval’ed, or will be inserted as a script tag. Either way, it leaves the site open to JavaScript injection by malicious users. As such, I’m planning to either filter submitted code, or when a user loads another user’s script, have a warning message that the user should first read / check the script before continuing.
So far, I’m looking to filter / warn on the following keywords:
eval
execScript
script
window.*
setInterval
setTimeout
alert
confirm
prompt
document.*
write
innerHTML
insertAdjacentHTML
createElement
appendChild
setAttribute
form.*
submit
XMLHttpRequest
jQuery.*
ajax
base64encode
base64decode
I’ve not started testing yet, so these are only my initial thoughts.
Anyone got experience or opinion on this?
Thanks,
Dave
Pretty much any filtering can be got around by doing this. You’re going to have to sandbox the Javascript. Possible approaches include:
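As an added illustration of the sandboxing route the reply above points to (this is example code written for this thread, not code from the original question or answer): user-submitted JavaScript is run inside an iframe carrying `sandbox="allow-scripts"`, so it executes under an opaque origin with no access to the host page's cookies, storage or DOM, and the host exchanges code and results with it over postMessage. `HOST_ORIGIN` is a constructed placeholder for wherever the site is served from.

```javascript
// Added example, not code from the original thread: run stored user scripts
// in a sandboxed iframe rather than trying to filter keywords out of them.
// Assumed: the host page is served from HOST_ORIGIN (constructed placeholder).

const HOST_ORIGIN = 'https://example.test'; // constructed placeholder origin

// allow-scripts only. Never combine it with allow-same-origin: a frame that is
// same-origin with its parent can reach up and strip its own sandbox attribute.
const SANDBOX_FLAGS = 'allow-scripts';

function isSafeSandboxValue(value) {
  const flags = new Set(value.trim().split(/\s+/));
  return flags.has('allow-scripts') && !flags.has('allow-same-origin');
}

// Fixed runner document for the iframe. User code is never interpolated into
// this HTML; it arrives later by postMessage, so there is nothing to escape.
function buildRunnerDocument(hostOrigin) {
  return `<!doctype html><meta charset="utf-8"><script>
window.addEventListener('message', function (event) {
  // Only take jobs from the host page, not from anything else holding a window ref.
  if (event.origin !== ${JSON.stringify(hostOrigin)}) return;
  var job = event.data;
  var reply = { id: job.id };
  try {
    // Executes under the frame's opaque origin: no host cookies, storage or DOM.
    var fn = new Function('input', job.code);
    reply.result = String(fn(job.input));
  } catch (e) {
    reply.error = String(e && e.message);
  }
  event.source.postMessage(reply, event.origin);
});
<\/script>`;
}

// Host side: mount the frame and hand out a run() that resolves with the reply.
function createSandboxRunner(hostOrigin, doc) {
  if (!isSafeSandboxValue(SANDBOX_FLAGS)) throw new Error('unsafe sandbox flags');
  const iframe = doc.createElement('iframe');
  iframe.setAttribute('sandbox', SANDBOX_FLAGS);
  iframe.setAttribute('srcdoc', buildRunnerDocument(hostOrigin));
  iframe.style.display = 'none';
  const ready = new Promise((resolve) => iframe.addEventListener('load', resolve));
  doc.body.appendChild(iframe);

  const pending = new Map();
  let nextId = 0;
  window.addEventListener('message', (event) => {
    // A sandboxed frame reports origin "null", so identify it by window, not origin.
    if (event.source !== iframe.contentWindow) return;
    const settle = pending.get(event.data && event.data.id);
    if (!settle) return;
    pending.delete(event.data.id);
    settle(event.data);
  });

  return {
    async run(code, input) {
      await ready;
      const id = nextId++;
      const reply = new Promise((resolve) => pending.set(id, resolve));
      // The frame's origin is opaque, so the target origin has to be '*'.
      iframe.contentWindow.postMessage({ id, code, input }, '*');
      return reply;
    },
  };
}

// Browser-only demo; skipped when this file is loaded outside a document.
if (typeof document !== 'undefined') {
  createSandboxRunner(window.location.origin, document)
    .run('return input.map(function (x) { return x * 2; }).join(",");', [1, 2, 3])
    .then((reply) => console.log(reply));
}
```

The sandbox attribute is what does the isolation work, not any inspection of the code, so none of the keywords in the list above need to be blocked for the host page's own session to stay out of reach. Two caveats a practitioner would want: the frame shares the page's event loop, so a user script that never returns still freezes the host tab (running it in a Web Worker inside the frame lets the host terminate it), and the runner must validate anything it gets back before rendering it, since the reply is attacker-controlled text.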