2.1.5 Eval()

JavaScript has an eval function that accepts a string, evaluates it and processes the code contained within the string. Here is an example…

Notice that the string in the variable is actually JavaScript code. If we use the eval function…

The code within the string will run. This is powerful, but dangerous! Imagine an app that accepts user-supplied input, such as a form field or a query parameter, and passes that input to eval. An attacker can submit a string containing malicious JavaScript, and eval will run it with the full privileges of your own code: in the browser that means access to the page, the DOM and the user's session; in Node.js it means access to the file system, the network and the process environment. A direct call to eval can even read and modify the local variables in scope at the point where it is called.

So the rule of thumb is to not use the eval function at all in your code. It is too risky, and there is almost always a safer way to do the same job: use JSON.parse to read data, bracket notation (obj[name]) to access a property by name, and plain function calls for anything else. You might run across eval in code out there. If you do, replace it. The same caution applies to new Function() and to passing a string instead of a function to setTimeout or setInterval, which also compile a string into runnable code.