kwebio / kweb-core

A Kotlin web framework
https://docs.kweb.io/book
GNU Lesser General Public License v3.0

Consider using Function instead of eval() #11

Closed sanity closed 5 years ago

sanity commented 7 years ago

Use of eval() is discouraged - see here.

Determine whether there is a better alternative, such as Function.

ValeTheVioletMote commented 5 years ago

As a note, per Kyle Simpson (getify)'s book:

The new Function(..) function constructor similarly takes a string of code in its last argument to turn into a dynamically-generated function (the first argument(s), if any, are the named parameters for the new function). This function-constructor syntax is slightly safer than eval(..), but it should still be avoided in your code.

The use-cases for dynamically generating code inside your program are incredibly rare, as the performance degradations are almost never worth the capability.

This could be one of those use cases, provided that the code we're passing is minimal. The main issue with both eval() and new Function() is that the code passed through it cannot be optimized by the JS engine (as stated in the article you link). Complex code is likely to execute poorly/slowly, which defeats the purpose of your engine being speedy in all other regards.


I'm a JS guy attempting to learn Kotlin. I'll see what I can do as I learn the kt side of things.

sanity commented 5 years ago

Hi, thank you for the feedback.

I'm aware that use of eval and Function is slow; because of this, Kweb avoids using them except for relatively rare types of instruction.

Most of the time Kweb uses pre-defined message types for common instructions; you can see the server side of this here and the client side here.

This should mean that calls to eval are relatively infrequent. If it is being called frequently for you, then let me know; I might be able to solve the problem with a few new pre-defined message types.
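
Added example (not part of the thread and not Kweb's own code): a client-side dispatcher in the style described above, with pre-defined message types as the normal path and dynamic code as an opt-in fallback, plus a probe of the scope difference behind the quoted "slightly safer than eval(..)" remark. The message types, field names and plain-object element stand-ins are hypothetical.

```javascript
// Added illustration; message shapes are hypothetical, not Kweb's wire protocol.
// Elements are plain objects standing in for DOM nodes so this runs in Node.

// Pre-defined message types: fixed code paths the JS engine can optimize.
const handlers = new Map([
  ["setAttribute", (el, m) => { el.attributes.set(String(m.name), String(m.value)); }],
  ["setText", (el, m) => { el.text = String(m.value); }],
]);

// Applies one server message to the element registry (a Map of id -> element).
function dispatch(elements, msg, allowDynamic = false) {
  const el = elements.get(msg.elementId);
  if (!el) return { ok: false, reason: "unknown element" };

  const handler = handlers.get(msg.type);
  if (handler) {
    handler(el, msg);
    return { ok: true, path: "predefined" };
  }

  if (msg.type === "evaluate" && allowDynamic) {
    // Rare fallback. The generated function sees its named parameter and
    // globals only, never the local variables of dispatch().
    const result = new Function("el", String(msg.code))(el);
    return { ok: true, path: "dynamic", result };
  }
  return { ok: false, reason: "unsupported message type" };
}

// Runs the same expression through direct eval and through new Function.
// Direct eval executes in the caller's scope; new Function does not.
function scopeProbe(expression) {
  const sessionToken = "constructed-local-value"; // constructed sample local
  const viaEval = eval(expression);
  const viaFunction = new Function("return (" + expression + ");")();
  return { viaEval, viaFunction };
}

// Constructed sample run.
const demoElements = new Map([["k1", { attributes: new Map(), text: "" }]]);
console.log(dispatch(demoElements, { type: "setText", elementId: "k1", value: "hello" }));
console.log(dispatch(demoElements, { type: "evaluate", elementId: "k1", code: "return 1;" }));
console.log(scopeProbe("typeof sessionToken"));
```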