HomeToolsAbout a20k

Function Constructor

What is it

Calling the constructor directly can create functions dynamically, but suffers from security and similar (but far less significant) performance issues as eval()

eval() is a security risk

Executing JavaScript from a string is an enormous security risk. It is far too easy for a bad actor to run arbitrary code using eval()

Solution

let obj = new Function("return " + objString + ";")();
© VincentVanKoh