eval() is evaluated in the scope where it is called, which exposes all the (private) variables to the string script being evaluated.
Besides security considerations, it disables mangling of all variables names in the scope (and all parent scopes) during code minification, because every variable could be potentially used in the eval().
The (new Function(str))() approach is much safer, cause it does not have access to the current scope.
Replace
with
Why?
eval()
is evaluated in the scope where it is called, which exposes all the (private) variables to the string script being evaluated. Besides security considerations, it disables mangling of all variables names in the scope (and all parent scopes) during code minification, because every variable could be potentially used in theeval()
.The
(new Function(str))()
approach is much safer, cause it does not have access to the current scope.