search

dwyl / learn-javascript

A Series of Simple Steps in JavaScript :-)
Other
64 stars 15 forks source link

'document.write can be a form of eval/evil' #24

Open sophielevens opened 7 years ago

sophielevens commented 7 years ago

I have just completed the 'Check for Palindromes' task on FreeCodeCamp (yay me!) and although my code was accepted, I wondered why there are those irritating little exclamation marks telling me that 'document.write can be a form of eval'. If possible, could you provide me with a brief explanation of why this is the case, how it works and what I should be using instead? Thanks!

Cleop commented 7 years ago

So what document.write can be a form of eval means is:

the syntax document.write relates to/ uses the eval function, an inbuilt js function.

It is warning you not to use eval because there are risks associated with it. One of those risks is that it's a function that is open for hackers to inject (put in) malicious code to break/hack your site. Also, it's a difficult function to debug and finally, it can be slow to run.

I will come on to part 2 of your question when I next get the chance!

ghost commented 5 years ago

So what is the solution of this? I want to fix... Please help me.

anhka99 commented 1 year ago

So what document.write can be a form of eval means is:

the syntax document.write relates to/ uses the eval function, an inbuilt js function.

It is warning you not to use eval because there are risks associated with it. One of those risks is that it's a function that is open for hackers to inject (put in) malicious code to break/hack your site. Also, it's a difficult function to debug and finally, it can be slow to run.

I will come on to part 2 of your question when I next get the chance!

help my