  • eval()

    Exploited by malicious parties.

    http://php.net/manual/en/function.eval.php

    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval

    The eval() function evaluates JavaScript code represented as a string.

     Don't use eval needlessly!

    eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, third party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.

    eval() is also generally slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines.

    There are safer (and faster!) alternatives to eval() for common use-cases.

    eval — Evaluate a string as PHP code

     Caution

    The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
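The scope difference between eval() and Function that the MDN passage above describes, together with two eval-free replacements, as an added example that is not from the original post or from MDN. All function names, the `settings` object and the token value are constructed for illustration.

```javascript
'use strict';

// Direct eval runs in the caller's scope, so the evaluated string can
// read the caller's local variables.
function viaEval(untrusted) {
  const sessionToken = 'tok-constructed-123'; // constructed sample value
  return eval(untrusted);
}

// A Function body is compiled in the global scope: the caller's locals are
// not visible. The string is still executed as code, so this narrows the
// exposure but does not make untrusted input safe.
function viaFunction(untrusted) {
  const sessionToken = 'tok-constructed-123'; // never reachable from the body
  return new Function('return (' + untrusted + ')')();
}

// Replacement 1: when the string is meant to be data, parse it as data.
// JSON.parse rejects anything that is not JSON instead of running it.
function parseData(untrusted) {
  try {
    return { ok: true, value: JSON.parse(untrusted) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Replacement 2: dynamic member access by name instead of eval('obj.' + name),
// restricted to the object's own keys so inherited members are not exposed.
const settings = { theme: 'dark', lang: 'en' };
function readSetting(name) {
  return Object.prototype.hasOwnProperty.call(settings, name)
    ? settings[name]
    : undefined;
}

// Benign probe: reports whether the caller's local variable is visible.
const probe =
  "typeof sessionToken === 'undefined' ? 'not visible' : sessionToken";

console.log('eval     :', viaEval(probe));
console.log('Function :', viaFunction(probe));
console.log('JSON data:', parseData('{"theme":"light"}'));
console.log('JSON code:', parseData('readSetting("theme")'));
console.log('lookup   :', readSetting('theme'), readSetting('constructor'));
```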

     
  • Original article: https://www.cnblogs.com/rsapaper/p/6369072.html