zoukankan      html  css  js  c++  java
  • eval()

    w恶意者利用。

    http://php.net/manual/en/function.eval.php

    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval

    The eval() function evaluates JavaScript code represented as a string.

     Don't use eval needlessly!

    eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, third party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.

    eval() is also generally slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines.

    There are safer (and faster!) alternatives to eval() for common use-cases.

    eval — Evaluate a string as PHP code

     Caution

    The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

     
  • 相关阅读:
    PyCharm 安装package matplotlib为例
    Julia 下载 安装 juno 开发环境搭建
    进程 线程 协程
    Eclipse Golang 开发环境搭建 GoClipse 插件
    TaxonKit
    tar: Removing leading `/' from member names
    Linux 只列出目录的方法
    unbuntu 安装 teamviewer
    ubuntu 设置静态IP
    Spring 配置文件中 元素 属性 说明
  • 原文地址:https://www.cnblogs.com/rsapaper/p/6369072.html
Copyright © 2011-2022 走看看