Wikifunctions:Eval

From Wikifunctions

Many programming languages provide a function called eval. It takes a string and evaluates it as code in that language, as if the text of the string had been written in place of the eval call. The problem is that code passed to eval has access to everything the code calling eval has access to. If the sandboxing process has any security holes, code run through eval can exploit them far more easily than the function's own code could. Passing user input into eval is a privilege escalation vulnerability waiting to happen. DO NOT PASS USER INPUT TO EVAL. If you are writing a function that needs to evaluate user-provided input, write your own parser instead; that is much safer. There are many resources on the Internet to help you with that.
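As an added illustration of the "write your own parser" advice (example code, not part of Wikifunctions or this page), here is a small hand-written parser for plain arithmetic in Python. Its grammar, token names and error messages are this example's own choices; the point is that the untrusted string is only ever matched against a fixed grammar and never handed to the interpreter's eval().

```python
import re
# Added example for this page, not Wikifunctions code: a hand-written parser for
# plain arithmetic (numbers, + - * /, unary minus, parentheses). Anything outside
# that grammar is rejected, so untrusted text never reaches the language's eval().
TOKEN = re.compile(r"\s*(?:(?P<num>\d+(?:\.\d+)?)|(?P<op>[-+*/()])|(?P<bad>\S))")

def tokenize(text):
    """Split input into float and operator tokens; any other character is an error."""
    tokens = []
    for m in TOKEN.finditer(text):
        if m.group("bad"):
            raise ValueError(f"unexpected character {m.group('bad')!r}")
        tokens.append(float(m.group("num")) if m.group("num") else m.group("op"))
    return tokens

def safe_eval(text):
    """Evaluate arithmetic from an untrusted string without ever calling eval()."""
    tokens, pos = tokenize(text), 0
    def peek():
        return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1] if pos <= len(tokens) else None
    def expr():                                  # term (('+'|'-') term)*
        value = term()
        while peek() in ("+", "-"):
            op, rhs = take(), term()
            value = value + rhs if op == "+" else value - rhs
        return value
    def term():                                  # factor (('*'|'/') factor)*
        value = factor()
        while peek() in ("*", "/"):
            op, rhs = take(), factor()
            value = value * rhs if op == "*" else value / rhs   # "/ 0" raises ZeroDivisionError
        return value
    def factor():                                # number | '-' factor | '(' expr ')'
        tok = take()
        if isinstance(tok, float):
            return tok
        if tok == "-":
            return -factor()
        if tok == "(":
            value, closing = expr(), take()
            if closing != ")":
                raise ValueError("missing closing parenthesis")
            return value
        raise ValueError(f"unexpected token {tok!r}")
    value = expr()
    if peek() is not None:
        raise ValueError(f"unexpected trailing token {peek()!r}")
    return value
```

Nesting depth is bounded only by Python's recursion limit, so cap the input length in front of this if the caller is untrusted.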