The Evils of Eval


Can you be certain that the JSON you're parsing is safe, even if you're pulling it from your own server? If the answer to this question is no, you shouldn't be using eval.
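The difference is easy to see side by side. The following is an added example, not code from the original article: the sample responses, the `evalSideEffect` flag and the function names are constructed for illustration, and the expected `user`/`roles` shape is an assumption.

```javascript
// Constructed sample responses (not from the article).
const benign = '{"user":"alice","roles":["reader"]}';
// Under eval this is still an object literal, but one array element is an
// expression with a side effect. A harmless flag stands in for injected code.
const tampered = '{"user":"alice","roles":[globalThis.evalSideEffect = "ran"]}';

// Legacy pattern: the response text is executed as JavaScript source.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// JSON.parse accepts only the JSON grammar; afterwards, check the shape
// the caller expects (assumed here: a string user and an array of string roles).
function parseStrict(text) {
  let value;
  try {
    value = JSON.parse(text);
  } catch (err) {
    return { ok: false, reason: "not valid JSON" };
  }
  const shapeOk =
    value !== null && typeof value === "object" && !Array.isArray(value) &&
    typeof value.user === "string" &&
    Array.isArray(value.roles) &&
    value.roles.every((r) => typeof r === "string");
  return shapeOk ? { ok: true, value } : { ok: false, reason: "unexpected shape" };
}

// Run both parsers on the same text and report whether eval executed code.
function compare(text) {
  delete globalThis.evalSideEffect;
  const evalResult = parseWithEval(text);
  const codeRan = globalThis.evalSideEffect === "ran";
  delete globalThis.evalSideEffect;
  return { evalRoles: evalResult.roles, codeRan, strict: parseStrict(text) };
}

console.log(compare(benign));
console.log(compare(tampered));
```

With the tampered response, `eval` returns a plausible-looking object while the embedded expression has already run; `JSON.parse` rejects the same text before any of it is interpreted.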

As a final thought, I'd like to note that the Microsoft SDL includes a recommendation against using eval and its equivalents. It suggests using Casaba Security's Watcher tool, which I mentioned in "More Free Security Tools," to help find these calls in your code. Happy vulnerability hunting!

