Merge pull request #292 from mengshukeji/feature

Feature
5 years ago · d2b25e8971
15 changed files with 38 additions and 38 deletions
--- a/src/controllers/insertFormula.js
+++ b/src/controllers/insertFormula.js
@ -329,7 +329,7 @@ const insertFormula = {
                }
            }
            else{ //参数是公式
-                $("#luckysheet-search-formula-parm .parmBox").eq(index).find(".val").text(" = {"+ eval($.trim(formula.functionParserExe("=" + parmtxt))) +"}");
+                $("#luckysheet-search-formula-parm .parmBox").eq(index).find(".val").text(" = {"+ (new Function("return " + $.trim(formula.functionParserExe("=" + parmtxt)))()) +"}");
            }
        })
@ -419,7 +419,7 @@ const insertFormula = {
            luckysheet_count_show(col_pre, row_pre, col - col_pre - 1, row - row_pre - 1, cellrange.row, cellrange.column);
-            $("#luckysheet-search-formula-parm .parmBox").eq(formula.data_parm_index).find(".val").text(" = {"+ eval($.trim(formula.functionParserExe("=" + parmtxt))) +"}");
+            $("#luckysheet-search-formula-parm .parmBox").eq(formula.data_parm_index).find(".val").text(" = {"+ (new Function("return " + $.trim(formula.functionParserExe("=" + parmtxt)))()) +"}");
        }
    },
    functionStrCompute: function(){
@ -476,7 +476,7 @@ const insertFormula = {
            let result = null;
            try {
-                result = eval(fp);
+                result = new Function("return " + fp)();
            } 
            catch (e) {
                result = formula.error.n;
--- a/src/controllers/menuButton.js
+++ b/src/controllers/menuButton.js
@ -2430,7 +2430,7 @@ const menuButton = {
                            }
                            $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) {
-                                let dataset = eval("(" + d + ")");
+                                let dataset = new Function("return " + d)();
                                setTimeout(function(){
                                    $("#luckysheetloadingdata").fadeOut().remove();
--- a/src/controllers/pivotTable.js
+++ b/src/controllers/pivotTable.js
@ -56,7 +56,7 @@ const pivotTable = {
        let realIndex = getSheetIndex(sheetIndex);
        if (getObjType(Store.luckysheetfile[realIndex].pivotTable) != "object"){
-            Store.luckysheetfile[realIndex].pivotTable = eval('('+ Store.luckysheetfile[realIndex].pivotTable +')');
+            Store.luckysheetfile[realIndex].pivotTable = new Function("return " + Store.luckysheetfile[realIndex].pivotTable )();
        }
        if (Store.luckysheetfile[realIndex].pivotTable != null) {
@ -860,7 +860,7 @@ const pivotTable = {
            pivotTable = $.extend(true, {}, Store.luckysheetfile[index]["pivotTable"]);
        }
        else{
-            pivotTable = eval('('+ pivotTable +')');
+            pivotTable = new Function("return " + pivotTable )();
        }
        return pivotTable
@ -2855,7 +2855,7 @@ const pivotTable = {
                }
            }
            else if (json.sumtype == "PRODUCT") {
-                json.result = eval(json.digitaldata.join("*"));
+                json.result = new Function("return " + json.digitaldata.join("*"))();
            }
            else if (json.sumtype == "STDEV") {
                let mean = json.sum / json.count;
--- a/src/controllers/server.js
+++ b/src/controllers/server.js
@ -168,7 +168,7 @@ const server = {
 	        //客户端接收服务端数据时触发
 	        _this.websocket.onmessage = function(result){
 				Store.result = result
-				let data = eval('(' + result.data + ')');
+				let data = new Function("return " + result.data )();
 				console.info(data);		
 				let type = data.type;
 				let {message,id} = data;
@ -433,7 +433,7 @@ const server = {
 	        let op = item.op, pos = item.pos;
 	        if(getObjType(value) != "object"){
-	            value = eval('('+ value +')');
+				value = new Function("return "+ value)();
 	        }
 	        let r = value.r, c = value.c;
@ -546,7 +546,7 @@ const server = {
 	                arr.push(JSON.stringify(addData[i]));
 	            }
-	            eval('data.splice(' + st_i + ', 0, ' + arr.join(",") + ')');
+				new Function("return " + 'data.splice(' + st_i + ', 0, ' + arr.join(",") + ')')();
 	        }
 	        else{
 	            file["column"] += len;
@ -906,7 +906,7 @@ const server = {
            console.log("request");
            if(_this.updateUrl != ""){
                $.post(_this.updateUrl, { compress: iscommpress, gridKey: _this.gridKey, data: params }, function (data) {
-                    let re = eval('('+ data +')')
+					let re = new Function("return " + data)();
                    if(re.status){
                        $("#luckysheet_info_detail_update").html("最近存档时间:"+ dayjs().format("M-D H:m:s"));
                        $("#luckysheet_info_detail_save").html("同步成功");
@ -966,7 +966,7 @@ const server = {
            if(_this.updateImageUrl != ""){
                // $.post(_this.updateImageUrl, { compress: true, gridKey: _this.gridKey, data:data1  }, function (data) {
                $.post(_this.updateImageUrl, { compress: false, gridKey: _this.gridKey, data:data1  }, function (data) {
-                    let re = eval('('+ data +')')
+					let re = new Function("return " + data)();
                    if(re.status){
                        imageRequestLast = dayjs();
                    }
--- a/src/controllers/sheetmanage.js
+++ b/src/controllers/sheetmanage.js
@ -847,7 +847,7 @@ const sheetmanage = {
                        return;
                    }
                    $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) {
-                        let dataset = eval("(" + d + ")");
+                        let dataset = new Function("return " + d)();
                        for(let item in dataset){
                            if(item == file["index"]){
@ -1167,7 +1167,7 @@ const sheetmanage = {
                let sheetindex = _this.checkLoadSheetIndex(file);
                $.post(loadSheetUrl, {"gridKey" : server.gridKey, "index": sheetindex.join(",")}, function (d) {
-                    let dataset = eval("(" + d + ")");
+                    let dataset = new Function("return " + d)();
                    file.celldata = dataset[index.toString()];
                    let data = _this.buildGridData(file);
@ -1722,7 +1722,7 @@ const sheetmanage = {
            let op = item.op, pos = item.pos;
            if(getObjType(value) != "object"){
-                value = eval('('+ value +')');
+                value = new Function("return " + value)();
            }
            let r = value.r, c = value.c;
--- a/src/core.js
+++ b/src/core.js
@ -156,7 +156,7 @@ luckysheet.create = function (setting) {
    }
    else {
        $.post(loadurl, {"gridKey" : server.gridKey}, function (d) {
-            let data = eval("(" + d + ")");
+            let data = new Function("return " + d)();
            Store.luckysheetfile = data;
            sheetmanage.initialjfFile(menu, title);
--- a/src/function/func.js
+++ b/src/function/func.js
@ -1577,7 +1577,7 @@ function luckysheet_calcADPMM(fp, sp, tp){
        value = numeral(fp).subtract(tp).value();
    }
    else if(sp=="%"){
-        value = eval(parseFloat(fp) + sp+ "(" + parseFloat(tp) + ")");
+        value = new Function("return " + parseFloat(fp) + sp + "(" + parseFloat(tp) + ")" )();
    }
    else if(sp=="/"){
        value = numeral(fp).divide(tp).value();
--- a/src/function/functionImplementation.js
+++ b/src/function/functionImplementation.js
@ -3310,12 +3310,12 @@ const functionImplementation = {
                                }
                                else{
                                    if (typeof value !== 'string') {
-                                        if (eval(value + criter)) {
+                                        if (new Function("return " + value + criter)()) {
                                            matches++;
                                        }
                                    }
                                    else {
-                                        if (eval('"' + value + '"' + criter)) {
+                                        if (new Function("return " + '"' + value + '"' + criter)()) {
                                            matches++;
                                        }
                                    }
@ -3335,12 +3335,12 @@ const functionImplementation = {
                        }
                        else{
                            if (typeof value !== 'string') {
-                                if (eval(value + criter)) {
+                                if (new Function("return " + value + criter)()) {  
                                    matches++;
                                }
                            }
                            else {
-                                if (eval('"' + value + '"' + criter)) {
+                                if (new Function("return " + '"' + value + '"' + criter)()) {
                                    matches++;
                                }
                            }
@ -25902,7 +25902,7 @@ const functionImplementation = {
                if(/\{.*?\}/.test(data)){
                    data = data.replace(/\{/g, "[").replace(/\}/g, "]");
                }
-                data = eval('('+ data +')');
+                data = new Function("return " + data)();
            }
            var stackconfig = arguments[1];
@ -26138,7 +26138,7 @@ const functionImplementation = {
                if(/\{.*?\}/.test(data)){
                    data = data.replace(/\{/g, "[").replace(/\}/g, "]");
                }
-                data = eval('('+ data +')');
+                data = new Function("return " + data)();
            }
            var stackconfig = arguments[1];
--- a/src/global/draw.js
+++ b/src/global/draw.js
@ -1085,7 +1085,7 @@ let sparklinesRender = function(r, c, offsetX, offsetY, canvasid, ctx){
    let sparklines = Store.flowdata[r][c].spl;
    if(sparklines != null){
        if(typeof sparklines == "string"){
-            sparklines = eval('('+ sparklines +')');
+            sparklines = new Function("return " + sparklines)();
        }
        if(getObjType(sparklines) == "object"){
--- a/src/global/extend.js
+++ b/src/global/extend.js
@ -713,14 +713,14 @@ function luckysheetextendtable(type, index, value, direction, sheetIndex) {
        if(direction == "lefttop"){
            if(index == 0){
-                eval('d.unshift(' + arr.join(",") + ')');
+                new Function("return " + 'd.unshift(' + arr.join(",") + ')')();
            }
            else{
-                eval('d.splice(' + index + ', 0, ' + arr.join(",") + ')');
+                new Function("return " + 'd.splice(' + index + ', 0, ' + arr.join(",") + ')')();
            }
        }
        else{ 
-            eval('d.splice(' + (index + 1) + ', 0, ' + arr.join(",") + ')');    
+            new Function("return " + 'd.splice(' + (index + 1) + ', 0, ' + arr.join(",") + ')')(); 
        }
    }
    else {
--- a/src/global/formula.js
+++ b/src/global/formula.js
@ -174,7 +174,7 @@ const luckysheetformula = {
                data = data.replace(/\{/g, "[").replace(/\}/g, "]");
            }
-            data = eval('('+ data +')');
+            data = new Function("return " + data)();
        }
        //把二维数组转换为一维数组，sparklines要求数据格式为一维数组
@ -2594,7 +2594,7 @@ const luckysheetformula = {
                if(isVal){
                    //公式计算
                    let fp = $.trim(_this.functionParserExe($("#luckysheet-rich-text-editor").text()));
-                    let result = eval(fp);
+                    let result = new Function("return " + fp)();
                    $("#luckysheet-search-formula-parm .result span").text(result);
                }
            }
@ -4816,7 +4816,7 @@ const luckysheetformula = {
            }
            try {
                Store.calculateSheetIndex = index;
-                let str = eval(function_str);
+                let str = new Function("return " + function_str)();
                if(str instanceof Object && str.startCell!=null){
                    str = str.startCell;
@ -5313,7 +5313,7 @@ const luckysheetformula = {
                let calc_funcStr = getcellFormula(item.r, item.c, item.index);
                if(cell != null && cell.f != null && cell.f == calc_funcStr){
                    if(!(item instanceof Object)){
-                        item = eval('('+ item +')');
+                        item = new Function("return " + item)();
                    }
                    item.color = "w";
@ -5665,7 +5665,7 @@ const luckysheetformula = {
                }
            }
-            result = eval(fp);
+            result = new Function("return " + fp)();
            //加入sparklines的参数项目
            if(fp.indexOf("SPLINES") > -1){
--- a/src/global/func_methods.js
+++ b/src/global/func_methods.js
@ -621,7 +621,7 @@ const func_methods = {
                    hasMatchingCriteria = true;
                    for (let p = 1; p < criteria.length; ++p) {
-                        currentCriteriaResult = currentCriteriaResult || eval(database[k][l] + criteria[p]);  // jshint ignore:line
+                        currentCriteriaResult = currentCriteriaResult || (new Function("return " + database[k][l] + criteria[p])());  // jshint ignore:line
                    }
                }
--- a/src/global/json.js
+++ b/src/global/json.js
@ -7,7 +7,7 @@ const json = {
        }
        else if(getObjType(obj) == "string"){
            try {
-                let json = eval('('+ obj +')');
+                let json = new Function("return " + obj)(); 
                return json;
            } 
            catch(e) {
--- a/src/global/method.js
+++ b/src/global/method.js
@ -354,7 +354,7 @@ const method = {
        let file = Store.luckysheetfile[getSheetIndex(index)];
        $.post(url, param, function (d) {
-            let dataset = eval("(" + d + ")");
+            let dataset = new Function("return " + d)();
            file.celldata = dataset[index.toString()];
            let data = sheetmanage.buildGridData(file);
--- a/src/global/refresh.js
+++ b/src/global/refresh.js
@ -164,7 +164,7 @@ function jfrefreshgrid(data, range, allParam, isRunExecFunction = true, isRefres
            window.luckysheetCurrentFunction = Store.flowdata[r1][c1].f;
            let fp = $.trim(formula.functionParserExe(Store.flowdata[r1][c1].f));
-            let sparklines = eval(fp);
+            let sparklines = new Function("return " +fp)();
            Store.flowdata[r1][c1].spl = sparklines;
        }
@ -976,7 +976,7 @@ function jfrefreshgrid_rhcw(rowheight, colwidth, isRefreshCanvas=true){
                window.luckysheetCurrentFunction = Store.flowdata[r][c].f;
                let fp = $.trim(formula.functionParserExe(Store.flowdata[r][c].f));
-                let sparklines = eval(fp);
+                let sparklines = new Function("return " + fp)();
                Store.flowdata[r][c].spl = sparklines;
                server.saveParam("v", Store.currentSheetIndex, Store.flowdata[r][c], { "r": r, "c": c });