20/10/2011, 14:33
| Colaborador | | Fecha de Ingreso: junio-2008
Mensajes: 5.032
Antigüedad: 16 años, 7 meses Puntos: 1012 | |
Respuesta: Enlaces en formulario. estás hablando del acceso a variables dinámicas usando el objeto window. ese no es el problema. el problema es usar eval() Cita: Don't use eval!
eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension. More importantly, third party code can see the scope in which eval() was invoked, which can lead to possible attacks in ways of which the similar Function is not susceptible.
eval() is also generally slower than the alternatives, since it has to invoke the JS interpreter, while many other constructs are optimized by modern JS engines. leer mas |