The Eval That Men Do - A Large-Scale Study of the Use of Eval in JavaScript Applications
Abstract
Transforming text into executable code with a function such as JavaScript’s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But, this expressive power comes at a price: reasoning about the dynamic behavior of programs that use this feature becomes challenging. Any ahead-of-time analysis, to remain sound, is forced to make pessimistic assumptions about the impact of dynamically created code. This pessimism affects the optimizations that can be applied to programs and significantly limits the kinds of errors that can be caught statically and the security guarantees that can be enforced. A better understanding of how eval is used could lead to increased performance and security. This paper presents a large-scale study of the use of eval in JavaScript-based web applications. We have recorded the behavior of 337 MB of strings given as arguments to 550,358 calls to the eval function exercised in over 10,000 web sites. We provide statistics on the nature and content of strings used in eval expressions, as well as their provenance and data obtained by observing their dynamic behavior.

eval is evil. Avoid it. eval has aliases. Don’t use them.
—Douglas Crockford
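The abstract describes recording the strings handed to eval and classifying their content. The following is an added example, not the paper's instrumentation: it wraps the global eval so every argument is logged with a coarse syntactic class before being evaluated. The classes (json, property-access, empty, non-string, other) and the sample inputs are my own constructions; the point is that only the "other" class is genuinely dynamic code, which is what a sound static analysis has to assume for every call, and that a JSON-shaped argument could have been handled with JSON.parse instead of eval.

```javascript
// Added example (not from the paper): instrument the global eval so that
// each argument string is recorded with its length and a coarse class.
// The classes and the sample inputs below are constructed for illustration.

const evalLog = [];

// Classify the argument by what it parses as, without executing it.
function classifyEvalArgument(src) {
  if (typeof src !== 'string') return 'non-string'; // eval returns non-strings unchanged
  let trimmed = src.trim();
  if (trimmed === '') return 'empty';
  // Common idiom: eval('(' + json + ')'), since a bare {...} parses as a block.
  if (trimmed.startsWith('(') && trimmed.endsWith(')')) trimmed = trimmed.slice(1, -1).trim();
  try {
    JSON.parse(trimmed);
    return 'json'; // a data literal; JSON.parse would have sufficed
  } catch (_) { /* not JSON */ }
  if (/^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(trimmed)) return 'property-access';
  return 'other'; // arbitrary code: the case an ahead-of-time analysis must assume
}

// Replace globalThis.eval with a recording wrapper; returns a restore function.
// Caveat: once replaced, direct calls eval(x) are no longer "direct eval" in the
// language's sense and run in global scope, which is exactly how the wrapper calls it.
function installEvalRecorder(globalObj = globalThis) {
  const originalEval = globalObj.eval;
  globalObj.eval = function recordedEval(src) {
    evalLog.push({
      length: typeof src === 'string' ? src.length : 0,
      kind: classifyEvalArgument(src),
    });
    return originalEval(src); // indirect eval in global scope
  };
  return () => { globalObj.eval = originalEval; };
}

// Count recorded calls per class.
function summarize(log) {
  const counts = {};
  for (const entry of log) counts[entry.kind] = (counts[entry.kind] || 0) + 1;
  return counts;
}

// Constructed inputs standing in for strings observed at eval call sites.
const CONSTRUCTED_SAMPLES = ['({"a":1,"b":[2,3]})', 'Math.PI', '1 + 2', '', 42];

function runConstructedSamples() {
  evalLog.length = 0;
  const restore = installEvalRecorder();
  const results = [];
  try {
    for (const s of CONSTRUCTED_SAMPLES) results.push(globalThis.eval(s));
  } finally {
    restore(); // always put the original eval back
  }
  return { results, summary: summarize(evalLog) };
}

console.log(runConstructedSamples().summary);
```

Run under Node; the summary shows one call in each class. In a real deployment the wrapper would also record provenance (stack trace or script URL), and a Content Security Policy without 'unsafe-eval' is the usual way to rule the "other" class out entirely rather than merely observe it.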
Similar references
A Large-scale Study of the Use of Eval in JavaScript Applications
Transforming text into executable code with a function such as JavaScript’s eval endows programmers with the ability to extend applications, at any time, and in almost any way they choose. But this expressive power comes at a price. Reasoning about the dynamic behavior of programs that use this feature becomes difficult. Any ahead-of-time analysis, to remain sound, is forced to make pessimisti...
Geochemical Characterization of Kazhdumi Source Rock in the Khaviz Oil Field, Southwest of Iran, Using Rock-Eval Pyrolysis
The Khaviz oil field located in Dezful embayment is one of Iran’s southwest oil fields. In this study, a total of 28 cutting samples from Kazhdumi formation (well No. KZ1, Khaviz oil field) were subject to geochemical investigation using Rock-Eval pyrolysis for the first time. The results of pyrolysis indicated that Kazhdumi source rock has significant hydrocarbon production potentiality and al...
A new approach to interpreting relationship between Rock-Eval S2 and TOC data for source rock evaluation based on regression analyses
To evaluate the relationship between total organic carbon (TOC) and Rock-Eval S2 (petroleum potential) of petroleum source rocks, a total of 180 outcrop samples from the black organic matter–rich facies of Mesozoic strata from a locality of southwest of Iran were investigated using Rock-Eval VI pyrolysis and Leco Carbon Analyzer. The linear regression is applied to determine the correlation betwee...
Source Rock Evaluation of the Cenomanian Middle Sarvak (Ahmadi) Formation in the Iranian Sector of the Persian Gulf
The middle Sarvak formation (Cenomanian) is one of the stratigraphic units of the Bangestan group in the south of Iran. This formation is stratigraphically equivalent to the Ahmadi member of Kuwait and Iraq. There is geochemical evidence that indicates this unit has a high level of organic richness and can be a possible source rock in various locations. This study focuses on the organic geochem...
Automatic fault localization for client-side JavaScript
JAVASCRIPT is a scripting language that plays a prominent role in web applications today. It is dynamic, loosely typed, asynchronous, and is extensively used to interact with the DOM at runtime. All these characteristics make JAVASCRIPT code error-prone; unfortunately, JAVASCRIPT fault localization remains a tedious and mainly manual task. Despite these challenges, the problem has received very...