Thread:Mathmagician/@comment-5333460-20131022043931/@comment-4674838-20131023030954

I am not sure if I could be of too much help, but my first piece of advice is probably what you were expecting me to say: Don't use eval!

Eval is very unsafe, because you're interpreting a string as source code and executing it. Where did that string come from? Did you make the string? – don't pass raw source code around, this is very strange design. Did someone else make the string? – how do you know they're not injecting malicious code into your program? Furthermore, by using eval, you're taking a performance hit. You're invoking a JavaScript interpreter, which is going to run slower in many cases compared optimized, modern JS engines.

To resolve your problem, one thing you should do is remove the eval's from your code and re-implement so that you're using an alternative design. If you're not sure what those alternatives might be, I'd be happy to look at your source code [if you have a link] and try to provide suggestions.

Hints:
 * If you're using eval to run other scripts (and you trust them), inject them into the HTML of the webpage yourself in a &lt;script&gt; tag.
 * If you're trying to pass data between scripts or webpages, then pass just the data, not source code! That's what JSON is for.