An ajax request returns me a standard JSON array filled with my user's inputs. The input has been sanitized, and using the eval() function, I can easily create my javascrip
If you're certain there's no injection risk, and you're not eval()ing in a loop, then use eval(). It will compare favorably to other options which will certainly be slower, might break, and will require the client to download additional code.
Compare to the command design pattern: http://en.wikipedia.org/wiki/Command_pattern. Given this, you can precisely define the operations a client can execute and your application will be as safe as the underlying interpretation.
Depends on what you're trying to accomplish with the sanitation. I've had great success w/the prototype framework's support for JSON and safe evaluation.
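As an added example (not code from the question or from either answer), the eval() approach the question describes beside a JSON.parse() alternative, with the shape check a defender would add on the parsed array. Both sample responses are constructed; the function names are assumptions.

```javascript
// Constructed sample of the response the question describes: a JSON array
// of user-supplied strings, already escaped on the server.
const SAMPLE_RESPONSE = '["alice", "bob <b>bold</b>", "o\'hara"]';

// Constructed sample that is valid JavaScript but not JSON. eval() will run
// it as code; JSON.parse() rejects it with a SyntaxError.
const NON_JSON_RESPONSE = '(function () { return ["not json"]; })()';

// The approach the question takes: wrap the text in parentheses so eval
// treats `[...]` / `{...}` as an expression, then execute it.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// The safer alternative: a real JSON parser that only ever builds data.
function parseWithJsonParse(text) {
  return JSON.parse(text);
}

// Parse the ajax response and enforce the shape the question expects
// (an array of strings). Anything else is rejected, so a malformed or
// unexpected payload fails loudly instead of flowing into the page.
function parseUserInputs(text) {
  const value = JSON.parse(text);
  if (!Array.isArray(value)) {
    throw new TypeError("expected a JSON array");
  }
  for (const item of value) {
    if (typeof item !== "string") {
      throw new TypeError("expected every element to be a string");
    }
  }
  return value;
}

// Run both parsers over the same text and report what each one did.
function compareParsers(text) {
  const report = { evalValue: undefined, evalThrew: false,
                   jsonValue: undefined, jsonThrew: false };
  try { report.evalValue = parseWithEval(text); } catch (e) { report.evalThrew = true; }
  try { report.jsonValue = parseWithJsonParse(text); } catch (e) { report.jsonThrew = true; }
  return report;
}

console.log(compareParsers(SAMPLE_RESPONSE));   // both parsers accept it
console.log(compareParsers(NON_JSON_RESPONSE)); // eval runs it, JSON.parse throws
console.log(parseUserInputs(SAMPLE_RESPONSE));
```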