Closed dajunJS closed 6 years ago
`function compile(template){ const evalExpr = /<%=(.+?)%>/g; const expr = /<%([\s\S]+?)%>/g;
template = template .replace(evalExpr, '); \n echo( $1 ); \n echo(') .replace(expr, '); \n $1 \n echo(');
); \n echo( $1 ); \n echo(
); \n $1 \n echo(
template = 'echo(' + template + ');';
' + template + '
let script = `(function parse(data){ let output = "";
function echo(html){ output += html; } ${ template } return output;
})`;
return script; } let parse = eval(compile(template)); div.innerHTML = parse({ supplies: [ "broom", "mop", "cleaner" ] });` 阮老师,网上很多说eval最好不要用,会有安全或性能问题.请问有没有其它替换方案
自己用 eval 问题不大的,只要不处理用户输入的数据即可。
`function compile(template){ const evalExpr = /<%=(.+?)%>/g; const expr = /<%([\s\S]+?)%>/g;
template = template .replace(evalExpr, '
); \n echo( $1 ); \n echo(
') .replace(expr, '); \n $1 \n echo(
');template = 'echo(
' + template + '
);';let script = `(function parse(data){ let output = "";
})`;
return script; }
let parse = eval(compile(template)); div.innerHTML = parse({ supplies: [ "broom", "mop", "cleaner" ] });` 阮老师,网上很多说eval最好不要用,会有安全或性能问题.请问有没有其它替换方案