Execute JavaScript code stored as a string

Question

How do I execute some JavaScript that is a string   function ExecuteJavascriptString         var s    alert  hello            how do I get a browser to alert  hello

User · Answer

New Function and apply   together works also  var a new Function  alert 1     a apply null

User · Answer

Try this     var script     lt script type  text javascript  gt  content  lt  script gt        using jquery next      body   append script    incorporates and executes inmediatelly   Personally  I didn t test it but seems to work

User · Answer

For users that are using node and that are concerned with the context implications of eval   nodejs offers vm  It creates a V8 virtual machine that can sandbox the execution of your code in a separate context    Taking things a step further is vm2 which hardens vm allowing the vm to run untrusted code    https   nodejs org api vm html - Official nodejs vm https   github com patriksimek vm2 - Extended vm2   const vm   require  vm     const x   1   const sandbox     x  2    vm createContext sandbox      Contextify the sandbox   const code    x    40  var y   17        x  and  y  are global variables in the sandboxed environment     Initially  x has the value 2 because that is the value of sandbox x  vm runInContext code  sandbox    console log sandbox x      42 console log sandbox y      17  console log x      1  y is not defined

User · Answer

eval s     Remember though  that eval is very powerful and quite unsafe  You better be confident that the script you are executing is safe and unmutable by users

User · Answer

I was answering similar question and got yet another idea how to achieve this without use of eval     const source    alert  test     const el   document createElement  script    el src   URL createObjectURL new Blob  source     type   text javascript       document head appendChild el     In the code above you basically create Blob  containing your script  in order to create Object URL  representation of File or Blob object in browser memory   Since you have src property on  lt script gt  tag  the script will be executed the same way as if it was loaded from any other URL

User · Answer

You can execute it using a function  Example   var theInstructions    alert  Hello World    var x   100    var F new Function  theInstructions    return F

User · Answer

eval s     But this can be dangerous if you are taking data from users  although I suppose if they crash their own browser thats their problem

User · Answer

eval should do it   eval s

User · Answer

new Function  alert  Hello          I think this is the best way

User · Answer

Use eval     W3 Schools tour of eval  Site has some usable examples of eval  The Mozilla  documentation covers this in detail   You will probably get a lot of warnings about using this safely  do NOT allow users to inject ANYTHING into eval   as it is a huge security issue   You ll also want to know that eval   has a different scope

User · Answer

Not sure if this is cheating or not   window say   function a    alert a       var a    say  hello      var p                                                    say  hello     say   hello    var fn   window p exec a  1                            get function reference by name  if  typeof fn       function        fn apply null   p exec a  2                        call it with params

User · Answer

Checked this on many complex and obfuscated scripts   var js    alert  Hello  World         put your JS code here var oScript   document createElement  script    var oScriptText   document createTextNode js   oScript appendChild oScriptText   document body appendChild oScript

User · Answer

The eval function will evaluate a string that is passed to it   But the use of eval can be dangerous  so use with caution   Edit  annakata has a good point -- Not only is eval dangerous  it is  slow  This is because the code to be evaluated must be parsed on the spot  so that will take some computing resources

User · Answer

One can use mathjs  Snippet from above link      evaluate expressions math evaluate  sqrt 3 2   4 2              5 math evaluate  sqrt -4                     2i math evaluate  2 inch to cm                5 08 cm math evaluate  cos 45 deg                  0 7071067811865476     provide a scope let scope         a  3      b  4   math evaluate  a   b   scope               12 math evaluate  c   2 3   4 5   scope       6 8 scope c                                   scope is any object  So if you pass the global scope to the evalute function  you may be able to execute alert   dynamically   Also mathjs is much better option than eval   because it runs in a sandbox       A user could try to inject malicious JavaScript code via the   expression parser  The expression parser of mathjs offers a sandboxed   environment to execute expressions which should make this impossible    It   s possible though that there are unknown security vulnerabilities    so it   s important to be careful  especially when allowing server side   execution of arbitrary expressions    Newer versions of mathjs does not use eval   or Function         The parser actively prevents access to JavaScripts internal eval and   new Function which are the main cause of security attacks  Mathjs   versions 4 and newer does not use JavaScript   s eval under the hood    Version 3 and older did use eval for the compile step  This is not   directly a security issue but results in a larger possible attack   surface

User · Answer

function executeScript source        var script   document createElement  script        script onload   script onerror   function    this remove           script src    data text plain base64     btoa source       document body appendChild script      executeScript  alert  Hello  World

User · Answer

A bit like what  Hossein Hajizadeh alerady said  though in more detail   There is an alternative to eval     The function setTimeout   is designed to execute something after an interval of milliseconds  and the code to be executed just so happens to be formatted as a string   It would work like this    x000D   x000D  ExecuteJavascriptString      Just for running it x000D   x000D  function ExecuteJavascriptString   x000D    x000D      var s    alert  hello     x000D      setTimeout s  1   x000D    x000D   x000D   x000D    1 means it will wait 1 millisecond before executing the string   It might not be the most correct way to do it  but it works

User · Answer

Use eval as below  Eval should be used with caution  a simple search about  eval is evil  should throw some pointers   function ExecuteJavascriptString         var s    alert  hello         eval s

User · Answer

Using both eval and creating a new Function to execute javascript comes with a lot of security risks    const script   document createElement  script    const stringJquery        button   on  click   function    console log  hit       script text   stringJquery  document body appendChild script     I prefer this method to execute the Javascript I receive as a string

User · Answer

With eval  my script here   function

User · Answer

If you want to execute a specific command  that is string  after a specific time   - cmd your  code   - InterVal delay to run   function ExecStr cmd  InterVal        try           setTimeout function                  var F   new Function cmd               return  F                InterVal         catch  e          sample ExecStr  alert 20   500

User · Answer

Run code using string  x000D   x000D  function runMe x y z   console log x   console log y   console log z          function name and parameters to pass var fnstring    runMe   var fnparams    1  2  3     lt --parameters     find object var fn   window fnstring       is object a function  if  typeof fn      function   fn apply null  fnparams     lt --apply parameter x000D  enter code here x000D   x000D   x000D

[javascript] Execute JavaScript code stored as a string

Examples related to javascript