44

Developers who use JavaScript "eval(...)" deserve a normal place in hell.
Developers who use JavaScript eval() within eval() deserve the most special place in hell. 🔥

Comments
  • 11
    I think I’ve found a legitimate use for eval once, maybe twice in my life?
  • 11
    @Root

    I run evals to process javascript embedded in css files, I will not deliberate any further.
  • 8
    @msdsk My condolences …
  • 5
    Well, two-space indents but also spaces padding parentheses and brackets.
    His eval addiction certainly is just another symptom of a way bigger problem...
  • 2
    @Oktokolo agreeing with everything except two-space indentation (come on, just have consistency across certain codebase - lile it or not, but IDE can handle it).
  • 4
    @msdsk BTW: The JS file where I took this snippet from contained 50% PHP, but at this point nothing can shock me anymore. 😄
  • 2
    @vintprox
    It wasn't about two-space indents - but two-space indents combined with space-padded parenthesis and brackets.
    Go for low amounts of non-syntax whitespace or high amounts - but not both at the same time.
  • 2
    @Oktokolo true that. Never understood why people decorate code with long ass-spaced comments, for example, but don't automate the formatting.
  • 1
    @vintprox
    Even using JetBrains IDEs i never found auto-formatting configurable enough to not get in the way too often.

    The formatting is for making the code more human-redable.
    It therefore has to be adjustable by humans.
    Auto-reformatting entire blocks of code definitely is an option for real dirty code at the start of major refactoring tasks though.
  • 3
    @Oktokolo I'd entrust this task to language server that was designed solely for formatting (like Prettier) instead of IDE. Not only because IDE may limit the options galore, but also because command line interface is most compatible with VCS tooling, which ensures that garbage doesn't slip into commit regardless of editor.
  • 3
    @vintprox
    Wow, did not expect such a thing to even exist. I honestly never thought about formatting code as an extra step - i just write my code in the correct format.

    But i definitely see the use of such a tool for large-scale projects and as the first action when starting the refactoring of a rotten code base...
  • 3
    @Oktokolo Oh... but there is more!

    What's extra neat in this is that boilerplate generators for small and big plugins can utilize this same tooling (which takes into consideration a formatter configuration of project) - to generate code valid for your dev needs from the get-go.

    One of good examples would be:
    - to start a SvelteKit project,
    - then configure Prettier to your liking (don't like tabs/spaces? easy-squeazy switch),
    - then use adders/addons/plugins like https://github.com/svelte-add/... that put the additional boilerplate through Prettier.

    It's just the workflow that I'm not feeling ashamed of to present to any novice or pro. It's just that considerate.
  • 2
    @vintprox
    I am running a strict no boilerplates policy.
    If a lib needs boilerplates for regular use, it gets wrapped in a convenience layer that eliminates that need.

    I am also somewhat against code generators - but am also not drawing UML before starting to code (making the one use case where code generation really shines not happen in my workflow).

    Code generators tend to generate the most ugly code by default and normally don't feature full style customization though.
    So i definitely see the benefit of automatic format sanitization in that use cases.
  • 2
    @Oktokolo I'm talking more about configuration files for according frameworks - it is simply convenient to have those instead of one bloated file (oh TFW someone dirties package.json with their nasty inflexible configs).

    I agree, one shouldn't be turning a blind eye on any new files and embrace some separation.
  • 3
    I once worked on a project where they tortured Camunda, a BPMN software, to perform routing, make API calls to microservices and things way worse than that.

    It wasn't built for any of this. They even repurposed some blocks to allow developers to write "server side JavaScript".

    They'd export the BPMN diagram in an XML file and run a string eval on all those fields.

    I've never seen a solution so frightening yet impressive
  • 0
  • 2
    I have "legacy SPA" apps where js uses XMLHttpRequest to post at Ajax.php for some raw JS to run with eval.
    Usually some jQuery Dom mutations.
Add Comment