I have got the following function coming from an ajax call which is stored in a string variable.
obj.action="DisplayActivity('modalDisplay', 0, 4);"
I am trying to run it but without success. I tried with:
eval(obj.action);
and with:
window[obj.action]
Any ideas? Thanks.
asked Jan 15, 2019 at 23:46
D.B
4,36917 gold badges53 silver badges91 bronze badges
2 Answers 2
Try using New Function:
let s = "console.log('Hello '+a)",
call = new Function('a', s)
call('world!')Make sure to avoid to call stuffs from a GET/POST or this will lead to be a typical xss, allowing to change your DOM from a special crafted link.
answered Jan 16, 2019 at 0:04
NVRM
13.6k2 gold badges102 silver badges102 bronze badges
Sign up to request clarification or add additional context in comments.
Comments
I suppose it's a scoping problem.
Try:
eval("global.tmp = function(DisplayActivity){" + obj.action + "};");
global.tmp(DisplayActivity);
answered Jan 16, 2019 at 0:07
Nikita Malyschkin
6924 silver badges17 bronze badges
Comments
lang-js
evalto work,DisplayActivityshould be defined somewhere.DisplayActivityactually exist? You may be getting some errors in your console if it doesn't.evalworks, of course only if the function you are trying to call is in scope.window[obj.action]makes no sense.