Test Eval

Eval() is a dangerous javascript function as it can execute the code which is passed to it with the privilege of the caller. If a website uses eval in a wrong manner, it may result in cross-site scripting attacks (XSS). Therefore, it might be a good idea to disable or limit the functionality of eval and similar methods in the browser. You can use this web app to check whether eval or similar methods are allowed or blocked in your browser.

What is Test Eval?

Test Eval is a web app to tell you whether eval() is allowed in your browser or not. Other methods similar to eval, like new Function(), setTimeout, and setInterval can also be checked here. Please note that setTimeout or setInterval is only dangerous if you pass a string as the input argument. As mentioned above, these methods could be dangerous as they may result in a cross-site scripting (XSS) attack in your browser. Please read this article to get more info about eval vulnerabilities and this article to get more info about XSS attack. There are some extensions and plugins for the browser that can limit or disable the functionality of these dangerous functions. If you have this kind of plugins and want to test whether your browser is protected against eval or not, please use this web app to test the above 4 methods.

What test methods are available here?

Currently, there are 4 methods available to test here. All these four methods are similar in terms of vulnerability and the risk for the XSS attack in the browser. The first method is the Eval() function which the most used function in websites. If you pass a valid javascript code as a string to this function it can execute the code. Please press on the - Test Eval() - button to see if the Eval function is working or disabled in your browser. The other similar method is - new Function() - and it can execute the code similar to eval when you pass a string to this function. Please use the second button to see if this method is active or not. The last two methods are setInterval and setTimeout, which in general, are not dangerous. But if you pass a string as the input argument to these methods, they can act like the eval function and can potentially cause an XSS attack. Please use the last two buttons to see if this vulnerability is present or not in your browser.

Related Blog Posts

1. How You Can Enable Privacy Extensions and Content Blocking Filters for Firefox: Mozilla had rolled out its new privacy features for their desktop version. Some of the features include enhanced tracker protection, password manager, content blocking, and optional security extensions...
2. Study Browser's Crypto Jacking Protection: One of the newest threats on the internet is Crypto Jacking. It actually refers to the websites which abuse computing resources of visitors in order to mine cryptocurrency...