From 08b634e906682f005f65cff2df8c56313b70288d Mon Sep 17 00:00:00 2001 From: flowerField Date: Wed, 25 Nov 2020 15:44:06 +0800 Subject: [PATCH] remove eval , Replace with new Function('') --- src/controllers/insertFormula.js | 6 +++--- src/controllers/menuButton.js | 2 +- src/controllers/pivotTable.js | 6 +++--- src/controllers/server.js | 10 +++++----- src/controllers/sheetmanage.js | 6 +++--- src/core.js | 2 +- src/function/func.js | 2 +- src/function/functionImplementation.js | 12 ++++++------ src/global/draw.js | 2 +- src/global/extend.js | 8 ++++---- src/global/formula.js | 10 +++++----- src/global/func_methods.js | 2 +- src/global/json.js | 2 +- src/global/method.js | 2 +- src/global/refresh.js | 4 ++-- 15 files changed, 38 insertions(+), 38 deletions(-) diff --git a/src/controllers/insertFormula.js b/src/controllers/insertFormula.js index 4eceeb2..2b030fb 100644 --- a/src/controllers/insertFormula.js +++ b/src/controllers/insertFormula.js @@ -329,7 +329,7 @@ const insertFormula = { } } else{ //参数是公式 - $("#luckysheet-search-formula-parm .parmBox").eq(index).find(".val").text(" = {"+ eval($.trim(formula.functionParserExe("=" + parmtxt))) +"}"); + $("#luckysheet-search-formula-parm .parmBox").eq(index).find(".val").text(" = {"+ (new Function("return " + $.trim(formula.functionParserExe("=" + parmtxt)))()) +"}"); } }) @@ -419,7 +419,7 @@ const insertFormula = { luckysheet_count_show(col_pre, row_pre, col - col_pre - 1, row - row_pre - 1, cellrange.row, cellrange.column); - $("#luckysheet-search-formula-parm .parmBox").eq(formula.data_parm_index).find(".val").text(" = {"+ eval($.trim(formula.functionParserExe("=" + parmtxt))) +"}"); + $("#luckysheet-search-formula-parm .parmBox").eq(formula.data_parm_index).find(".val").text(" = {"+ (new Function("return " + $.trim(formula.functionParserExe("=" + parmtxt)))()) +"}"); } }, functionStrCompute: function(){ 
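Review bot: The formula path in src/controllers/insertFormula.js @@ -329 still compiles and runs the output of `formula.functionParserExe`, so the safety of this line rests entirely on that parser escaping every cell-derived operand; `new Function` changes the scope the code runs in, not that dependency. Because the body now runs in global scope, every helper the generated string names must be reachable as a global, which cannot be confirmed from the hunk. The same call shape recurs at insertFormula.js @@ -419 and @@ -476, formula.js @@ -2594, @@ -4801 and @@ -5365, and refresh.js @@ -164 and @@ -938; a single shared helper would give one place to guard and document it, for example with the comment `// Runs parser output as code: functionParserExe must escape all cell-derived text.` No `try`/`catch` is visible around the calls at @@ -329 and @@ -419 (the enclosing functions start outside the hunks), unlike @@ -476.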
@@ -476,7 +476,7 @@ const insertFormula = { let result = null; try { - result = eval(fp); + result = new Function("return " + fp)(); } catch (e) { result = formula.error.n; diff --git a/src/controllers/menuButton.js b/src/controllers/menuButton.js index 0b9a3d5..c41a17e 100644 --- a/src/controllers/menuButton.js +++ b/src/controllers/menuButton.js @@ -2430,7 +2430,7 @@ const menuButton = { } $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) { - let dataset = eval("(" + d + ")"); + let dataset = new Function("return " + d)(); setTimeout(function(){ $("#luckysheetloadingdata").fadeOut().remove(); diff --git a/src/controllers/pivotTable.js b/src/controllers/pivotTable.js index e83f3e4..5ae04ca 100644 --- a/src/controllers/pivotTable.js +++ b/src/controllers/pivotTable.js @@ -56,7 +56,7 @@ const pivotTable = { let realIndex = getSheetIndex(sheetIndex); if (getObjType(Store.luckysheetfile[realIndex].pivotTable) != "object"){ - Store.luckysheetfile[realIndex].pivotTable = eval('('+ Store.luckysheetfile[realIndex].pivotTable +')'); + Store.luckysheetfile[realIndex].pivotTable = new Function("return " + Store.luckysheetfile[realIndex].pivotTable )(); } if (Store.luckysheetfile[realIndex].pivotTable != null) { @@ -860,7 +860,7 @@ const pivotTable = { pivotTable = $.extend(true, {}, Store.luckysheetfile[index]["pivotTable"]); } else{ - pivotTable = eval('('+ pivotTable +')'); + pivotTable = new Function("return " + pivotTable )(); } return pivotTable @@ -2855,7 +2855,7 @@ const pivotTable = { } } else if (json.sumtype == "PRODUCT") { - json.result = eval(json.digitaldata.join("*")); + json.result = new Function("return " + json.digitaldata.join("*"))(); } else if (json.sumtype == "STDEV") { let mean = json.sum / json.count; diff --git a/src/controllers/server.js b/src/controllers/server.js index 264531f..2c67a3b 100644 --- a/src/controllers/server.js +++ b/src/controllers/server.js 
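Review bot: The `$.post` response `d` in src/controllers/menuButton.js @@ -2430 is still executed as code, so whatever the endpoint returns, or whatever an intermediary substitutes for it, runs in the page just as it did under `eval`. Dropping the wrapping parentheses also changes behaviour: a payload that begins with a line break now yields `undefined`, because a semicolon is inserted automatically after `return`. If the backend emits strict JSON, `let dataset = JSON.parse(d);` reads the same payload without running it; if it emits relaxed object literals, that is better fixed on the server first. The same applies to the other parsers this patch touches: pivotTable.js @@ -56 and @@ -860, server.js @@ -168, @@ -433, @@ -906 and @@ -966, sheetmanage.js @@ -847, @@ -1167 and @@ -1722, core.js @@ -156, draw.js @@ -1085, formula.js @@ -5013, json.js @@ -7 and method.js @@ -354. Of these, server.js @@ -168 deserves priority because it handles every incoming WebSocket message.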
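Review bot: The PRODUCT branch in src/controllers/pivotTable.js @@ -2855 compiles a string only to multiply numbers, and if an entry of `json.digitaldata` can ever be non-numeric text (not determinable from the hunk) that text is compiled too. `json.result = json.digitaldata.reduce((acc, n) => acc * n, 1);` gives the product without generating code. An empty `digitaldata` currently yields `undefined` whereas the reduce yields 1, so choose the value the caller expects. The `%` branch of `luckysheet_calcADPMM` in src/function/func.js @@ -1577 is the same case and can be `value = parseFloat(fp) % parseFloat(tp);`.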
@@ -168,7 +168,7 @@ const server = { //客户端接收服务端数据时触发 _this.websocket.onmessage = function(result){ Store.result = result - let data = eval('(' + result.data + ')'); + let data = new Function("return " + result.data )(); console.info(data); let type = data.type; let {message,id} = data; @@ -433,7 +433,7 @@ const server = { let op = item.op, pos = item.pos; if(getObjType(value) != "object"){ - value = eval('('+ value +')'); + value = new Function("return "+ value)(); } let r = value.r, c = value.c; @@ -546,7 +546,7 @@ const server = { arr.push(JSON.stringify(addData[i])); } - eval('data.splice(' + st_i + ', 0, ' + arr.join(",") + ')'); + new Function("return " + 'data.splice(' + st_i + ', 0, ' + arr.join(",") + ')')(); } else{ file["column"] += len; @@ -906,7 +906,7 @@ const server = { console.log("request"); if(_this.updateUrl != ""){ $.post(_this.updateUrl, { compress: iscommpress, gridKey: _this.gridKey, data: params }, function (data) { - let re = eval('('+ data +')') + let re = new Function("return " + data)(); if(re.status){ $("#luckysheet_info_detail_update").html("最近存档时间:"+ dayjs().format("M-D H:m:s")); $("#luckysheet_info_detail_save").html("同步成功"); @@ -966,7 +966,7 @@ const server = { if(_this.updateImageUrl != ""){ // $.post(_this.updateImageUrl, { compress: true, gridKey: _this.gridKey, data:data1 }, function (data) { $.post(_this.updateImageUrl, { compress: false, gridKey: _this.gridKey, data:data1 }, function (data) { - let re = eval('('+ data +')') + let re = new Function("return " + data)(); if(re.status){ imageRequestLast = dayjs(); } diff --git a/src/controllers/sheetmanage.js b/src/controllers/sheetmanage.js index b8fbddf..f8e13d2 100644 --- a/src/controllers/sheetmanage.js +++ b/src/controllers/sheetmanage.js 
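Review bot: In src/controllers/server.js @@ -546 the generated body refers to `data`, but a function built with `new Function` is compiled in global scope and cannot see the locals of the enclosing handler, unlike the direct `eval` it replaces. Unless `data` also exists as a global (its declaration is outside the hunk), this call throws a ReferenceError or splices into an unrelated object. No code generation is needed here: `data.splice(st_i, 0, ...arr.map((s) => JSON.parse(s)));` inserts the same fresh row copies that `arr` holds as JSON strings. src/global/extend.js @@ -713 has the same problem with `d.unshift(…)` and both `d.splice(…)` calls.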
@@ -847,7 +847,7 @@ const sheetmanage = { return; } $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) { - let dataset = eval("(" + d + ")"); + let dataset = new Function("return " + d)(); for(let item in dataset){ if(item == file["index"]){ @@ -1167,7 +1167,7 @@ const sheetmanage = { let sheetindex = _this.checkLoadSheetIndex(file); $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) { - let dataset = eval("(" + d + ")"); + let dataset = new Function("return " + d)(); file.celldata = dataset[index.toString()]; let data = _this.buildGridData(file); @@ -1722,7 +1722,7 @@ const sheetmanage = { let op = item.op, pos = item.pos; if(getObjType(value) != "object"){ - value = eval('('+ value +')'); + value = new Function("return " + value)(); } let r = value.r, c = value.c; diff --git a/src/core.js b/src/core.js index 17c3a88..ebfa392 100644 --- a/src/core.js +++ b/src/core.js @@ -156,7 +156,7 @@ luckysheet.create = function (setting) { } else { $.post(loadurl, {"gridKey" : server.gridKey}, function (d) { - let data = eval("(" + d + ")"); + let data = new Function("return " + d)(); Store.luckysheetfile = data; sheetmanage.initialjfFile(menu, title); diff --git a/src/function/func.js b/src/function/func.js index 8000652..3ffdc89 100644 --- a/src/function/func.js +++ b/src/function/func.js @@ -1577,7 +1577,7 @@ function luckysheet_calcADPMM(fp, sp, tp){ value = numeral(fp).subtract(tp).value(); } else if(sp=="%"){ - value = eval(parseFloat(fp) + sp+ "(" + parseFloat(tp) + ")"); + value = new Function("return " + parseFloat(fp) + sp + "(" + parseFloat(tp) + ")" )(); } else if(sp=="/"){ value = numeral(fp).divide(tp).value(); diff --git a/src/function/functionImplementation.js b/src/function/functionImplementation.js index a3b37b5..f5f1a90 100644 --- a/src/function/functionImplementation.js +++ b/src/function/functionImplementation.js 
@@ -3310,12 +3310,12 @@ const functionImplementation = { } else{ if (typeof value !== 'string') { - if (eval(value + criter)) { + if (new Function("return " + value + criter)()) { matches++; } } else { - if (eval('"' + value + '"' + criter)) { + if (new Function("return " + '"' + value + '"' + criter)()) { matches++; } } @@ -3335,12 +3335,12 @@ const functionImplementation = { } else{ if (typeof value !== 'string') { - if (eval(value + criter)) { + if (new Function("return " + value + criter)()) { matches++; } } else { - if (eval('"' + value + '"' + criter)) { + if (new Function("return " + '"' + value + '"' + criter)()) { matches++; } } @@ -25902,7 +25902,7 @@ const functionImplementation = { if(/\{.*?\}/.test(data)){ data = data.replace(/\{/g, "[").replace(/\}/g, "]"); } - data = eval('('+ data +')'); + data = new Function("return " + data)(); } var stackconfig = arguments[1]; @@ -26138,7 +26138,7 @@ const functionImplementation = { if(/\{.*?\}/.test(data)){ data = data.replace(/\{/g, "[").replace(/\}/g, "]"); } - data = eval('('+ data +')'); + data = new Function("return " + data)(); } var stackconfig = arguments[1]; diff --git a/src/global/draw.js b/src/global/draw.js index 4364399..8b7209f 100644 --- a/src/global/draw.js +++ b/src/global/draw.js @@ -1085,7 +1085,7 @@ let sparklinesRender = function(r, c, offsetX, offsetY, canvasid, ctx){ let sparklines = Store.flowdata[r][c].spl; if(sparklines != null){ if(typeof sparklines == "string"){ - sparklines = eval('('+ sparklines +')'); + sparklines = new Function("return " + sparklines)(); } if(getObjType(sparklines) == "object"){ diff --git a/src/global/extend.js b/src/global/extend.js index 904660e..624fd7a 100644 --- a/src/global/extend.js +++ b/src/global/extend.js 
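Review bot: The string branch in src/function/functionImplementation.js @@ -3310 wraps `value` in quotes by hand, so a cell value containing a double quote, a backslash or a line break alters the code that is compiled instead of being compared as text. Let the serializer build the literal, `if (new Function("return " + JSON.stringify(value) + criter)()) {`, and as a follow-up parse the operator and operand out of `criter` and compare directly, since `criter` is compiled as well. The same concatenation appears at @@ -3335 and, with no quoting at all, in src/global/func_methods.js @@ -621 (`database[k][l] + criteria[p]`). The enclosing functions start outside these hunks, so how `criter` is normalised beforehand is not visible here.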
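Review bot: In src/function/functionImplementation.js @@ -25902 the argument `data` only has its braces swapped for brackets before being compiled, so any other text in that formula argument is run as code rather than read as array contents. If the elements are always numbers or double-quoted strings (to be confirmed against the callers), `data = JSON.parse(data);` reads the same array and rejects anything else with an exception the caller can map to a formula error. The same lines occur at @@ -26138 and in src/global/formula.js @@ -174.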
@@ -713,14 +713,14 @@ function luckysheetextendtable(type, index, value, direction, sheetIndex) { if(direction == "lefttop"){ if(index == 0){ - eval('d.unshift(' + arr.join(",") + ')'); + new Function("return " + 'd.unshift(' + arr.join(",") + ')')(); } else{ - eval('d.splice(' + index + ', 0, ' + arr.join(",") + ')'); + new Function("return " + 'd.splice(' + index + ', 0, ' + arr.join(",") + ')')(); } } - else{ - eval('d.splice(' + (index + 1) + ', 0, ' + arr.join(",") + ')'); + else{ + new Function("return " + 'd.splice(' + (index + 1) + ', 0, ' + arr.join(",") + ')')(); } } else { diff --git a/src/global/formula.js b/src/global/formula.js index 4d2c5ea..4440bca 100644 --- a/src/global/formula.js +++ b/src/global/formula.js @@ -174,7 +174,7 @@ const luckysheetformula = { data = data.replace(/\{/g, "[").replace(/\}/g, "]"); } - data = eval('('+ data +')'); + data = new Function("return " + data)(); } //把二维数组转换为一维数组,sparklines要求数据格式为一维数组 @@ -2594,7 +2594,7 @@ const luckysheetformula = { if(isVal){ //公式计算 let fp = $.trim(_this.functionParserExe($("#luckysheet-rich-text-editor").text())); - let result = eval(fp); + let result = new Function("return " + fp)(); $("#luckysheet-search-formula-parm .result span").text(result); } } @@ -4801,7 +4801,7 @@ const luckysheetformula = { } try { Store.calculateSheetIndex = index; - let str = eval(function_str); + let str = new Function("return " + function_str)(); if(str instanceof Object && str.startCell!=null){ str = str.startCell; @@ -5013,7 +5013,7 @@ const luckysheetformula = { let calc_funcStr = getcellFormula(item.r, item.c, item.index); if(cell != null && cell.f != null && cell.f == calc_funcStr){ if(!(item instanceof Object)){ - item = eval('('+ item +')'); + item = new Function("return " + item)(); } item.color = "w"; @@ -5365,7 +5365,7 @@ const luckysheetformula = { } } - result = eval(fp); + result = new Function("return " + fp)(); //加入sparklines的参数项目 if(fp.indexOf("SPLINES") > -1){ 
diff --git a/src/global/func_methods.js b/src/global/func_methods.js index 9b195db..beebf77 100644 --- a/src/global/func_methods.js +++ b/src/global/func_methods.js @@ -621,7 +621,7 @@ const func_methods = { hasMatchingCriteria = true; for (let p = 1; p < criteria.length; ++p) { - currentCriteriaResult = currentCriteriaResult || eval(database[k][l] + criteria[p]); // jshint ignore:line + currentCriteriaResult = currentCriteriaResult || (new Function("return " + database[k][l] + criteria[p])()); // jshint ignore:line } } diff --git a/src/global/json.js b/src/global/json.js index 9ea37a4..fed09c5 100644 --- a/src/global/json.js +++ b/src/global/json.js @@ -7,7 +7,7 @@ const json = { } else if(getObjType(obj) == "string"){ try { - let json = eval('('+ obj +')'); + let json = new Function("return " + obj)(); return json; } catch(e) { diff --git a/src/global/method.js b/src/global/method.js index ec774f3..86726d8 100644 --- a/src/global/method.js +++ b/src/global/method.js @@ -354,7 +354,7 @@ const method = { let file = Store.luckysheetfile[getSheetIndex(index)]; $.post(url, param, function (d) { - let dataset = eval("(" + d + ")"); + let dataset = new Function("return " + d)(); file.celldata = dataset[index.toString()]; let data = sheetmanage.buildGridData(file); diff --git a/src/global/refresh.js b/src/global/refresh.js index f6b5789..db2336a 100644 --- a/src/global/refresh.js +++ b/src/global/refresh.js @@ -164,7 +164,7 @@ function jfrefreshgrid(data, range, allParam, isRunExecFunction = true, isRefres window.luckysheetCurrentFunction = Store.flowdata[r1][c1].f; let fp = $.trim(formula.functionParserExe(Store.flowdata[r1][c1].f)); - let sparklines = eval(fp); + let sparklines = new Function("return " +fp)(); Store.flowdata[r1][c1].spl = sparklines; } 
@@ -938,7 +938,7 @@ function jfrefreshgrid_rhcw(rowheight, colwidth, isRefreshCanvas=true){ window.luckysheetCurrentFunction = Store.flowdata[r][c].f; let fp = $.trim(formula.functionParserExe(Store.flowdata[r][c].f)); - let sparklines = eval(fp); + let sparklines = new Function("return " + fp)(); Store.flowdata[r][c].spl = sparklines; server.saveParam("v", Store.currentSheetIndex, Store.flowdata[r][c], { "r": r, "c": c });