TRIAL REQUEST A DEMO LOGIN

JavaScript - Avoid use of Eval function

Impact area

Security

Severity

High

Affected element

All


Rule number

SN-0107

Impact

The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error.

Remediation

Avoid the use of eval. It encourages the use of untrusted code. If you must execute arbitrary code, use GlideScriptEvaluator which ensures it came from a record.

Time to fix

30 min

Code examples

Noncompliant code

let value = eval('obj.' + propName);

Compliant code

let value = eval(gs.getProperty('variableWhichHoldsSafeCode'));

What's here


Related content

JavaScript rules

JavaScript best practices

w3schools: JavaScript best practices




Last modified on Mar 19, 2021
Copyright © QualityClouds 2021