JavaScript - evil of EVAL, why?

Hi guys,

why is eval such bad practice. I’ve never used it, but still would like to understand.


It’s not that bad, but it’s easily misused. eval() runs arbitrary JavaScript code, so it requires a compilation, and it could be a security risk. As much as I love typing, I can’t say it any better than Angus Croll.

I have personally not used eval before. But in his excellent “You Dont know JS” book, Kyle Simpson explains that eval cheats by modifying lexical scope at run time. See here.

And then he goes on to say that cheating lexical scope at run time leads to poor performance because the engine cannot perform compile time optimizations. It has to assume compile time optimizations are invalid.

See the section on performance here.


Thank you my friends.