if I am not mistaken eval executes valid code in a given string
eval("alert('hey')");
and
setTimeout("alert('hey')",1000);
does just about the same thing, only with a timer. is set timeout just as risky as eval?
if I am not mistaken eval executes valid code in a given string
eval("alert('hey')");
and
setTimeout("alert('hey')",1000);
does just about the same thing, only with a timer. is set timeout just as risky as eval?
Share Improve this question edited Jun 22, 2011 at 16:31 demongolem 9,70836 gold badges97 silver badges105 bronze badges asked Aug 16, 2010 at 9:39 Abdullah KhanAbdullah Khan 2,4153 gold badges23 silver badges34 bronze badges 1- 3 Good question :) And I guess the answer is yes More here stackoverflow.com/questions/197769/… – mplungjan Commented Aug 16, 2010 at 9:41
2 Answers
Reset to default 20I'd say you hear the same objections. setTimeout (with string and not function parameters) is pretty much the same as eval.
If possible,
setTimeout(function(){ alert ("hey") ; }, 1000);
Because when people say "eval", they mean "eval and any function that is more or less equivalent to eval", but the former is much shorter to say. So the answer to your question is yes, it is as risky.