Hello,
I want to use eval to calculate the result of a string that contains different operations. I am sanitising the input string in advance so no-one can run malicious code in my app, but the console shows this error:
Hi! What is the use case, i.e. what is the user input’ing? By knowing more about the use case / problem, we might suggest something better than using eval.
We are building a calculator that looks like this:
The case is that each row is an object, so what I am doing is going through the database and then evaluate the expression. Another problem that we are encountering is that we also need to manage the arithmetic operations for the units, so what I am starting to do now is implementing myself the eval() function so I can manage the units at the same time as doing the calculations for the numbers with the correct order.
We are following the PEMDAS order for operations
Hi!
You may add unsafe-eval as script src in Environment config (content security policy section).
In this case I would assume it’s ok, but in general, it is not recommended to allow unsafe-eval from a security perspective: