Skip to content Skip to sidebar Skip to footer
Home / Eval / Javascript

Is Using Javascript Eval() Safe For Simple Calculations In Inputs?

Post a Comment
I would like to allow user to perform simple calculations in the text inputs, so that typing 2*5 will result in 10. I'm replacing everything but digits with an empty string and the

Solution 1:

That is safe, not because you are sanitizing it, but because it's all entered by the user and run in their own browser. If they really wanted to enter malicious code, they could do it anyway by using firebug or web inspector, or even using a bookmarklet. Thankfully, there isn't much you can do maliciously with javascript except lock up your own browser :)

Solution 2:

this is safe because you are doing input validation before you put it into eval.

besides you should also add:

()%

Post a Comment for "Is Using Javascript Eval() Safe For Simple Calculations In Inputs?"