How does eval() work in Node.js?

Node.js / January 5, 2021 / TopCode / 0

Introduction

eval or evil? Yes, I am calling eval() function as evil because it is a dangerous function that can execute arbitrary code passed to it. eval() is a global function in JavaScript that dynamically evaluates expressions from a string-based or compiled-code-based input. Let’s understand eval() function working in Node.js

Syntax:

eval(string)

The function takes only one argument which is a string representing a JavaScript expression, statement, or sequence of statements. The expression can include variables and properties of existing objects.

The following example illustrates eval in Node.js:

eval('console.log("Hello world")')
let x = eval(9+4)
console.log("x is:",x);
let y = eval(x+3)
console.log("y is:",y)

Output of above code is:

$ node demo.js
Hello world
x is: 13
y is: 16

Now, lets convert a JSON string to JSON Object. Following code will convert a JSON string to JSON obect.

var str = '({"firstName":"Elon","lastName":"Musk"})';
var obj = eval(str);
console.log("Object is:",obj)
console.log("First name is:",obj.firstName);

Output of above code is:

Object is: { firstName: 'Elon', lastName: 'Musk' }
First name is: Elon

eval() is a dangerous function, which executes the code it’s passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user’s machine with the permissions of your webpage / extension.

Conclusion

As we have seen how eval works in Node.js. As eval is a evil function which can execute any malicious code on user’s machine which is dangerous. eval() is also slower than other constructs because it invokes the JavaScript interpreter every time a call to eval happens. Thanks for reading.

#Happy Coding #TopCode

#eval node js #eval node js exploit #safe-eval node js exploit #safe eval node js #code evaluation node js #node.js eval alternative #node js eval sandbox #node js eval rce #node.js eval code #node js eval cli #eval node js example #node.js vm vs eval #node js eval vulnerability #node js eval function #node js eval file #node.js eval injection #eval function in node js #safe eval in node js #eval js node js #node.js eval javascript #node.js eval method #node js eval string #node js safe eval #using eval in node js #javascript eval function call #javascript eval function alternative #javascript eval function with parameters #javascript eval function string #javascript eval function source code #javascript eval function not working #javascript eval function security issues #javascript eval function in c# #javascript eval function example #javascript eval function assignment #javascript eval anonymous function #javascript eval a function #javascript eval async function #javascript eval function with arguments #javascript eval(function(p a c k e d) #javascript eval string as function #javascript using eval to call a function #javascript eval method #javascript+eval+function call with object parameter #javascript eval function code #javascript eval call function with parameters #javascript eval create function #js eval call function #javascript eval function for calculator #javascript eval function definition #javascript eval dynamic function #javascript eval function not defined #eval function javascript decode #javascript call function dynamically eval #what eval function do in javascript #eval function js #javascript eval function exploit #javascript eval function error #javascript eval function equivalent in c# #javascript eval execute function #javascript eval function syntax error #web.javascript eval function examples #eval function in javascript #javascript eval function from string #js eval function from string #javascript find function eval #javascript eval function statements require a function name #call javascript function from eval in asp.net #function eval in javascript #javascript get function eval #how to use javascript eval function #javascript eval function implementation #javascript eval function in string #javascript eval function in java #javascript eval in function #javascript eval inside function #javascript eval function json #javascript decode eval(function(p a c k e d) #eval function code in javascript #javascript eval function name #javascript eval new function #javascript eval is not a function #javascript onclick eval function #eval function of javascript #javascript override eval function #javascript function instead of eval #javascript eval function parameters #javascript function pass eval #javascript eval function return value #javascript eval run function #javascript replace eval function #js eval function string #eval javascript function syntax #javascript eval to function #javascript eval string to function #javascript pass eval to function #js eval string to function #javascript function tostring eval #javascript eval to execute function #javascript eval function undefined #javascript eval use function #javascript calculator using eval function #javascript calculator without using eval function #javascript eval vs function #eval function javascript vulnerability #javascript eval with function #javascript replace eval with function #web.javascript_eval_function #javascript calculator without eval function #what is eval function in javascript #how to use eval function in javascript #.eval javascript #eval function in js #jquery eval function #eval() function in javascript

eval, javascript, node, node.js, nodejs