Business Rules using eval function
Impact area
Security
Severity
High
Affected element
Business rules
Rule number
SN-0027
Impact
The eval() function evaluates or executes an argument. Improper use of eval() opens up your code to injection attacks, and debugging can be more challenging because no line numbers are displayed with an error.
Remediation
Avoid the use of eval. It encourages the use of untrusted code. If you must execute arbitrary code, use GlideScriptEvaluator, which ensures it came from a record.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection).
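The pattern this rule flags, next to an eval-free replacement, as an added example that is not part of the original rule text. It covers the "avoid eval" case only, and the record object, function names and field list are assumptions made for illustration (a plain JavaScript object stands in for the business rule's record).

```javascript
// Constructed stand-in for the record a business rule works on.
// A plain object, not the ServiceNow GlideRecord API.
function makeRecord() {
  return { short_description: 'Printer offline', priority: '2', state: '1' };
}

// BEFORE: the pattern this rule flags. fieldName is spliced into source
// text, so whatever it contains is parsed and executed as code.
function readFieldWithEval(record, fieldName) {
  return eval('record.' + fieldName);
}

// AFTER: the field name stays data. It is checked against an allow-list
// and used only as a property key, never as source text.
const READABLE_FIELDS = new Set(['short_description', 'priority', 'state']);

function readField(record, fieldName) {
  if (typeof fieldName !== 'string' || !READABLE_FIELDS.has(fieldName)) {
    throw new Error('Field not allowed: ' + String(fieldName));
  }
  return record[fieldName];
}

// Constructed input: a "field name" that also carries an assignment.
const CRAFTED_NAME = 'priority, (record.state = "7")';

// Runs the same crafted input through both versions and reports the outcome.
function demo() {
  const viaEval = makeRecord();
  readFieldWithEval(viaEval, CRAFTED_NAME);   // the assignment executes

  const viaLookup = makeRecord();
  let rejected = false;
  try {
    readField(viaLookup, CRAFTED_NAME);
  } catch (e) {
    rejected = true;                          // refused as an unknown field
  }
  return { evalState: viaEval.state, lookupState: viaLookup.state, rejected };
}

console.log(demo());
```

With eval the record's state changes as a side effect of a read. The allow-listed lookup rejects the same input and leaves the record untouched.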
Related content
Common Weakness Enumeration (CWE™)
w3schools.com documentation article: JavaScript best practices.