Solved

CQ HTTP eval in Classic UI Inbox

Forum|Forum|4 years ago
May 10, 2021
1 reply
803 views

Since this is part of CQ API, I want to know how I can replace eval() here. Using eval() is a vulnerability.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Rohan_Garg

Hey @abhishekk861844,

This is an old unanswered query now but hopefully you got around a fix for it!

Evaluating JavaScript code from a string is hazardous. A string may consist of malicious code that will be run on the user's machine, and the scope, where eval() was called will be exposed for possible attacks.

The most simple alternative is to use windows.Function(). It creates a global scope function from the string.
Alternatively, eval(code) can artificially be replaced by (new Function('return '+code))()

Rohan_Garg

Accepted solution

Community Advisor

Hey @abhishekk861844,

This is an old unanswered query now but hopefully you got around a fix for it!

Evaluating JavaScript code from a string is hazardous. A string may consist of malicious code that will be run on the user's machine, and the scope, where eval() was called will be exposed for possible attacks.

The most simple alternative is to use windows.Function(). It creates a global scope function from the string.
Alternatively, eval(code) can artificially be replaced by (new Function('return '+code))()

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded