CQ HTTP eval in Classic UI Inbox | Community
New Participant
May 10, 2021
Solved

Since this is part of CQ API, I want to know how I can replace eval() here. Using eval() is a vulnerability.

Rohan_Garg
Accepted solution
New Participant
September 18, 2024

Hey @abhishekk861844,

This is an old unanswered query now but hopefully you got around a fix for it!

Evaluating JavaScript code from a string is hazardous. A string may consist of malicious code that will be run on the user's machine, and the scope where eval() was called will be exposed to possible attacks.

The simplest alternative is to use windows.Function(). It creates a global scope function from the string.
Alternatively, eval(code) can artificially be replaced by (new Function('return '+code))()
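
Added example, not part of the original answer or of the CQ code base: it compares the `new Function` replacement quoted above with `JSON.parse` on constructed inputs. It assumes the string being evaluated is a JSON response body, which the thread does not state; the helper names and sample bodies are hypothetical.

```javascript
// Added example with constructed inputs; not code from the post or from CQ.
// Assumption: the evaluated string is expected to be a JSON response body.

// Constructed bodies: one well-formed, one whose expression has a side
// effect (it sets a marker on the global object before yielding an object).
const GOOD_BODY = '{"items":[{"path":"/content/site/en","status":"ACTIVE"}]}';
const HOSTILE_BODY = '(globalThis.__marker = "executed", {"items":[]})';

// The replacement quoted in the answer: the string is still compiled and run.
function viaFunctionConstructor(body) {
  return (new Function('return ' + body))();
}

// Data-only parsing: JSON.parse never executes its input and throws
// SyntaxError for anything that is not valid JSON.
function viaJsonParse(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Runs one parser on one body and reports whether the marker was set,
// i.e. whether code embedded in the string actually executed.
function probe(parser, body) {
  delete globalThis.__marker;
  let result;
  try {
    result = parser(body);
  } catch (err) {
    result = { ok: false, error: err.name };
  }
  const executed = globalThis.__marker === 'executed';
  delete globalThis.__marker;
  return { result, executed };
}

for (const [name, parser] of [['new Function', viaFunctionConstructor],
                              ['JSON.parse', viaJsonParse]]) {
  console.log(name, 'good body ->', JSON.stringify(probe(parser, GOOD_BODY)));
  console.log(name, 'hostile body ->', JSON.stringify(probe(parser, HOSTILE_BODY)));
}
```

A Content-Security-Policy without `'unsafe-eval'` blocks both `eval()` and the `Function` constructor, so only the `JSON.parse` path keeps working under such a policy.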