JSLint Messages – Eval Is Evil

The eval method in JavaScript is a hook right into the JavaScript compiler. It accepts a string as a parameter and then compiles it and runs it.

In listing its disadvantages, stating that this method was ‘slow’ would accurate, but also a huge understatement. Some time ago, Microsoft guru, Eric Lippert, wrote a series of articles that covers its evils. These are still relevant: Eval is Evil, Part One and Eval is Evil, Part Two. Rather than listing the evils here it is probably better to refer to his articles.

But My Use of eval Is Valid!

JSLint assumes that every use of eval is unjustified, however there is no getting away from the fact that it is a legitimate language feature that does have a valid purpose. Yes, there may be times where you need to compile and run something on the fly.

Consider the JSON data-interchange format. The JSON2.js library allows you to convert between JavaScript strings and objects. The only way to convert a string into a JavaScript object safely is eval it. And yet, JSON2.js passes a JSLint scan. How?

When we look at the code, we encounter the following statement in the header:

/*jslint evil: true, regexp: false */

In this statement, the JSON2 library is intructing any JSLint scanner to tolerate its use of eval by stipulating the ‘evil‘ JSLint option.

Bonus chatter: document.write can be a form of eval.

A Guide To JSLint Messages

This article is one of a series on the error and warning messages produced by JSLint.

2 thoughts on “JSLint Messages – Eval Is Evil

  1. Pingback: JSLint Messages – document.write can be a form of eval. | James Wiseman

  2. Pingback: JSLint – A Guide To JSLint Messages | James Wiseman

Leave a Reply