On Feb 2, 7:42 pm, Daniel Gibby <[email protected]> wrote: > I'm trying to find an alternative within a running script for a straight > eval(externalSourceCodeInputStreamReader) that will let me check whether > the external source code is valid JavaScript before I eval() it. > > I'm sure some of you JavaScript gurus have plenty of ideas. > > Note: it would be nice if there were more explanations of alternatives > under the "Don't use eval!" section on this > page...https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global... > > That page says "There are safe alternatives to eval() for common > use-cases", and I'm interested in what they are. > > I'd like to be able to input the code from external sites (which I have > no control over) and be able to tell what is wrong with them when they > won't eval() correctly. > > Anyone have some nice hints? > > Thanks, > Daniel Gibby
If you're not actually interested in running the code, but merely checking to see if it is syntactically valid, then you can just compile it via Context.compileReader(), otherwise to make sure that it is "fully valid" you'd have to run it in a host environment that simulated as closely as possible where it would actually be running. It's tricky, but possible, to make this secure. _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
