zoukankan      html  css  js  c++  java
  • eval()

    w恶意者利用。

    http://php.net/manual/en/function.eval.php

    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval

    The eval() function evaluates JavaScript code represented as a string.

     Don't use eval needlessly!

    eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, third party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways to which the similar Function is not susceptible.

    eval() is also generally slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines.

    There are safer (and faster!) alternatives to eval() for common use-cases.

    eval — Evaluate a string as PHP code

     Caution

    The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

     
  • 相关阅读:
    c++ range库
    差分数组
    简单比较一下C++中的引用和指针
    数字图像处理中一张常用图片
    内存池与内存块
    SmartPtr
    Allocator
    Java学习第12天
    Java学习第11天
    Java学习第10天
  • 原文地址:https://www.cnblogs.com/rsapaper/p/6369072.html
Copyright © 2011-2022 走看看