|Property/method value type:||Depends on the script source passed as an argument|
|Argument list:||aSourceText||A string value containing some syntactically correct script source code|
When the eval() function is called, it expects a string to be passed to it as its single argument value. The contents of that string should be syntactically correct executable script source text.
The script code gets executed and any result it generates is returned. That value must be explicitly returned, otherwise the result will be undefined.
If the script source passed to the eval() function cannot be parsed without failure, a run-time error will result.
It would be an unusual thing to do anyway, but the possibility may be there to compromise your server security. It rather depends on the security in the hosting environment. Possibly an eval() action is not permitted to do things that a non-user-modifiable script embedded in a web page can do. However, this is likely to be very implementation specific.
// Create some script source var scriptCode = "c = a * b"; var a = 5; var b = 10; var c = 2; document.write(c); document.write("<BR>"); eval(scriptCode); document.write(c);
ECMA 262 edition 2 - section - 10.1.2
ECMA 262 edition 2 - section - 18.104.22.168
ECMA 262 edition 3 - section - 10.1.2
ECMA 262 edition 3 - section - 22.214.171.124