JavaScript - Avoid use of Eval function
Impact area
Security
Severity
High
Affected element
All
Rule number
SN-0107
Impact
The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error.
Remediation
Avoid the use of eval. It encourages the use of untrusted code. If you must execute arbitrary code, use GlideScriptEvaluator which ensures it came from a record.
Time to fix
30 min
Code examples
Noncompliant code
let value = eval('obj.' + propName);
Compliant code
let value = eval(gs.getProperty('variableWhichHoldsSafeCode'));
What's here