JavaScript eval() and security

谎友^ 2021-01-19 05:12

developer.mozilla.org says:

Don't use eval needlessly! eval() is a dangerous function, which executes the code it's passed with the privileges of

2 answers
  •  野趣味 (original poster)
    2021-01-19 05:44

    Yes, of course there is secure JavaScript. You can always modify the JavaScript in your browser, the same way you can modify e.g. Python programs running on your machine.

    Being able to alter the way code on your own machine works is trivial and is not immediately a security issue.

    Eval() is often seen as problematic, as it tends to be executed with user-generated input (I would argue that the genuine use cases where this is not true are quite few). Why this might be an issue is explained by @SilverlightFox in his excellent answer. It all boils down to the fact that eval() might be exploited to run YOUR code on somebody else's machine, and THAT is a security issue.

    Note that this is not specific to JavaScript alone; most languages have similarly named functions that do the same. These functions come with similar warnings.
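The point about eval() on input written by someone else, shown as an added example that is not part of the answer above or of the original page. It assumes a hypothetical page that reads a `settings` value from a shared link; all function names, the state object and the sample strings are constructed for illustration.

```javascript
// Stand-in for whatever the page's own scripts can reach (session data, DOM, ...).
function makeVictimState() {
  return { sessionToken: "constructed-token", log: [] };
}

// Unsafe: a string taken from a shared link is handed to eval(), so any
// expression in it runs with access to the caller's scope, including `state`.
function loadSettingsWithEval(rawParam, state) {
  return eval("(" + rawParam + ")");
}

// Safer: JSON.parse only builds data; it never executes the input.
// Unknown keys and out-of-range values are dropped instead of trusted.
function loadSettingsWithParse(rawParam) {
  let parsed;
  try {
    parsed = JSON.parse(rawParam);
  } catch (err) {
    return { ok: false, reason: "not valid JSON" };
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { ok: false, reason: "expected an object" };
  }
  const settings = {};
  if (parsed.theme === "light" || parsed.theme === "dark") {
    settings.theme = parsed.theme;
  }
  if (Number.isInteger(parsed.fontSize) && parsed.fontSize >= 8 && parsed.fontSize <= 32) {
    settings.fontSize = parsed.fontSize;
  }
  return { ok: true, settings };
}

// Constructed inputs: what the author of a link could place in ?settings=...
const sampleBenign = '{"theme":"dark","fontSize":14}';
const sampleHostile = '(state.log.push("read " + state.sessionToken), {theme:"dark"})';

// Runs both loaders on the same inputs and returns what each one did.
function demo() {
  const evalState = makeVictimState();
  const evalResult = loadSettingsWithEval(sampleHostile, evalState);
  const parseResult = loadSettingsWithParse(sampleHostile);
  const benignResult = loadSettingsWithParse(sampleBenign);
  return { evalState, evalResult, parseResult, benignResult };
}
```

With eval(), the link author's expression runs in the visitor's page and touches `state` while still returning a plausible settings object, so nothing looks wrong to the caller; the parsing version rejects the same string as data it cannot read.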
