
Great post.

Learn to Code Epilogue: Best Practices and Additional Resources

The bit about comments being even for yourself 6 months from now is so true it's not even funny. Just to clarify (and further stress) why eval in JavaScript is evil: It's not that it just treats a string as a variable per se; it attempts to *execute* any string as JavaScript code. This means that you could put anything that would run in JavaScript into a string, throw it into that function, and it'd run. Why is this evil? For both security and performance reasons. Security, because if you somehow manage to throw some unsanitized user input straight into an eval call, you're basically opening yourself up to a potential world of hurt.

Performance, because in order to execute the string passed to eval as code, an additional instance of the JavaScript runtime is fired up to execute it. Also keep in mind, calling setTimeout with a string parameter is equivalent to calling eval; you should pass setTimeout a function instead whenever possible.

function doStuff() { return { foo: 'bar'
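
The eval and string-setTimeout points from the comment above, as an added example that is not part of the original comment or post: the same user-supplied settings string handled with eval and with a data-only parser, plus a timer wrapper that refuses the string form. The function names, the settings format and both sample inputs are constructed for illustration.

```javascript
'use strict';

// Constructed sample inputs: a settings string as it might arrive from a user.
const benign = '{"theme": "dark", "fontSize": 14}';
// Valid JavaScript but not valid JSON; the comma expression has a side effect.
const hostile = '({theme: (globalThis.__evalRan = true, "dark")})';

// The pattern the comment warns about: the string is executed as code.
function parseSettingsUnsafe(text) {
  return eval('(' + text + ')');
}

// Data-only alternative: JSON.parse never executes its input, and only
// allowlisted keys of the expected type are copied out.
const ALLOWED = { theme: 'string', fontSize: 'number' };
function parseSettingsSafe(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (err) {
    return null; // not JSON: reject instead of falling back to eval
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;
  const out = {};
  for (const [key, type] of Object.entries(ALLOWED)) {
    if (typeof data[key] === type) out[key] = data[key];
  }
  return out;
}

// Timer wrapper that accepts only functions, so the eval-like string form
// of setTimeout can never be reached through it.
function safeTimeout(callback, ms, ...args) {
  if (typeof callback !== 'function') {
    throw new TypeError('safeTimeout expects a function, not ' + typeof callback);
  }
  return setTimeout(callback, ms, ...args);
}

function demo() {
  delete globalThis.__evalRan; // start each run from a clean state
  const safe = [parseSettingsSafe(benign), parseSettingsSafe(hostile)];
  const ranAfterSafe = globalThis.__evalRan === true;
  parseSettingsUnsafe(hostile); // the embedded expression runs here
  return { safe, ranAfterSafe, ranAfterEval: globalThis.__evalRan === true };
}

console.log(demo());
```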