org.sonar.l10n.javascript.rules.javascript.Eval.html
The eval function runs arbitrary code at run time. It is generally considered dangerous precisely because it executes whatever code it is handed, so its use is discouraged. If you have carefully verified that there is no alternative to this construct, pay special attention not to pass any user-provided data into it without properly validating it beforehand.
Noncompliant Code Example
eval(code_to_be_dynamically_executed)
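Two typical reasons eval() shows up in application code, each beside a replacement that needs no dynamic code execution. This is an added example, not part of the Sonar rule description; the SETTINGS object, the function names and the payloads are constructed for illustration.

```javascript
// Constructed settings object that callers want to read by name.
const SETTINGS = { theme: "dark", pageSize: 25, locale: "en" };

// Noncompliant: dynamic property access via eval. Whatever `name` contains is
// concatenated into source text and executed; this is what the rule flags.
function readSettingUnsafe(name) {
  return eval("SETTINGS." + name); // eval(code_to_be_dynamically_executed)
}

// Compliant: check the requested key against an explicit allowlist and use
// ordinary property access. Object.keys() yields only own enumerable keys, so
// names such as "constructor" or "__proto__" are rejected.
const ALLOWED_SETTINGS = new Set(Object.keys(SETTINGS));
function readSettingSafe(name) {
  if (typeof name !== "string" || !ALLOWED_SETTINGS.has(name)) {
    throw new RangeError(`unknown setting: ${String(name)}`);
  }
  return SETTINGS[name];
}

// Noncompliant: parsing a JSON-like payload with eval. The payload is meant to
// be data, but eval evaluates any JavaScript expression it is given.
function parsePayloadUnsafe(text) {
  return eval("(" + text + ")");
}

// Compliant: JSON.parse treats the input strictly as data and throws a
// SyntaxError on anything that is not JSON; the shape is validated afterwards.
function parsePayloadSafe(text) {
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new TypeError("expected a JSON object");
  }
  return value;
}
```

The contrast to observe is that parsePayloadUnsafe("1 + 1") evaluates to 2 while parsePayloadSafe("1 + 1") throws, because only the eval variant executes the input.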
See
- MITRE CWE-95 - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
- OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)