What is it

Calling the constructor directly can create functions dynamically, but suffers from security and similar (but far less significant) performance issues as eval()

`eval()` is a security risk

Executing JavaScript from a string is an enormous security risk. It is far too easy for a bad actor to run arbitrary code using eval()

Solution

let obj = new Function("return " + objString + ";")();

Function Constructor

What is it

eval() is a security risk

Solution

`eval()` is a security risk