It's been many years since I wrote that but I think the point is that the stupid eval was necessary because of IE. Then again, I've stopped caring about it working in IE.
People, DO NOT USE eval(). Especially not in such easy cases.
eval("element.style."+k+"='"+v+"'");
is almost identical (I'll explain) to this:
element.style[k] = v;
When you create an object: var obj = { a: 1, b: 2, c: 3 };
You can (get or) set the values like:
obj.a = 10
which is identical to:
obj["a"] = 10
As to where that eval("element.style."+k+"='"+v+"'"); differs from the direct method is that if you'd try to set for example a background image, this'd be the css:
background-image: url('/images/someImage.png')
If you use that in the eval, this is the code that'll be evaluated:
element.style.backgroundImage='url('/images/someImage.png')'
Which obviously results in a syntax error because of the single quotes. Of course that could be solved by first replacing \ into \\ and then ' into \'.
Eval is evil, there are rarely ever situations where there's need for eval, and even if there are, try your absolute best to find a way around.
Such a small change avoids:
1. The performance hit you have from using eval()
2. Making your code less secure (for example, if some 3rd party code executes: _setStyle(someElement, "width: 10px' alert('My evil message, muauauauaua') var rndDump = '; height: 10px;"), it would of course run the injected code)
3. Spreading bad code like this across other people's sites, possibly harming the identity and privacy of people browsing the web.
Unless you're doing commercial work that's always a good choice :P. Nevertheless even in IE this eval wasn't necessary :).
And I also know that this is an old article, but these are still the articles beginners find when they run into this issue, and that's why I made the comment. Even at my old company where I had co-workers who all finished college for web development, and they still didn't know how to write proper JavaScript and had all sorts of hacky scripts like this one in their code.
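An added example (not code from the article or from either commenter) that runs the two approaches discussed in this thread side by side on the background-image value. The names `setStyleEval`, `setStyleSafe`, `parseDeclarations` and `compare`, and the plain object standing in for a DOM element, are assumptions made so it runs in Node without a browser.

```javascript
// Added example. A plain object stands in for a DOM element so this runs in Node.

// "background-image" -> "backgroundImage"
function toCamelCase(prop) {
  return prop.trim().replace(/-([a-z])/g, (_, c) => c.toUpperCase());
}

// Split "a: b; c: d" into [name, value] pairs.
// Limitation: a ';' inside a value (e.g. a data: URL) is not handled.
function parseDeclarations(cssText) {
  const pairs = [];
  for (const decl of cssText.split(";")) {
    const i = decl.indexOf(":");
    if (i === -1) continue;
    pairs.push([toCamelCase(decl.slice(0, i)), decl.slice(i + 1).trim()]);
  }
  return pairs;
}

// The pattern from the thread: the value is pasted into source text.
function setStyleEval(element, cssText) {
  for (const [k, v] of parseDeclarations(cssText)) {
    eval("element.style." + k + "='" + v + "'");
  }
}

// Bracket notation: the value is only ever data, whatever quotes it contains.
function setStyleSafe(element, cssText) {
  for (const [k, v] of parseDeclarations(cssText)) {
    if (!/^[A-Za-z]+$/.test(k)) continue; // skip names like "__proto__"
    element.style[k] = v;
  }
}

// Apply the same CSS text both ways and report what each one did.
function compare(cssText) {
  const viaEval = { style: {} };
  const viaSafe = { style: {} };
  let evalError = null;
  try {
    setStyleEval(viaEval, cssText);
  } catch (e) {
    evalError = e.name;
  }
  setStyleSafe(viaSafe, cssText);
  return { evalError, evalStyle: viaEval.style, safeStyle: viaSafe.style };
}

console.log(compare("background-image: url('/images/someImage.png'); width: 10px"));
```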