eval() is a dangerous JavaScript function because it executes the code passed to it with the privileges of the caller. If a website uses eval incorrectly, the result can be a cross-site scripting (XSS) attack. It can therefore be a good idea to disable or limit eval and similar methods in the browser. You can use this web app to check whether eval or similar methods are allowed or blocked in your browser.
Test eval and similar methods in your browser
Click the buttons below to test whether eval (and similar methods) are allowed or blocked in your browser.
Note: available methods are eval(), new Function(), setTimeout(), and setInterval().
Test Eval is a web app that tells you whether eval() is allowed in your browser. Other methods similar to eval, such as new Function(), setTimeout, and setInterval, can also be checked here. Please note that setTimeout and setInterval are only dangerous if you pass a string as the input argument. As mentioned above, these methods can be dangerous because they may result in a cross-site scripting (XSS) attack in your browser. Please read this article to get more info about eval vulnerabilities and this article to get more info about XSS attacks. Some browser extensions and plugins can limit or disable these dangerous functions. If you have this kind of plugin and want to test whether your browser is protected against eval, please use this web app to test the above 4 methods.
Currently, there are 4 methods available to test here. All four are similar in terms of vulnerability and the risk of an XSS attack in the browser. The first method is the eval() function, which is the most used function on websites. If you pass valid JavaScript code as a string to this function, it executes the code. Please press the - Test Eval() - button to see if the eval function is working or disabled in your browser. The other similar method is new Function(), which executes code much like eval when you pass a string to it. Please use the second button to see if this method is active or not. The last two methods are setInterval and setTimeout, which in general are not dangerous. But if you pass a string as the input argument to these methods, they act like the eval function and can potentially cause an XSS attack. Please use the last two buttons to see if this vulnerability is present or not in your browser.
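One way to run the same four checks yourself from a page script or the browser console. This is an added example, not the web app's own code; the function names, the marker property, and the 200 ms wait are assumptions made for this sketch.

```javascript
// Classify each string-to-code sink as "allowed" or "blocked".

// Synchronous sinks: a Content Security Policy without 'unsafe-eval' makes
// these throw EvalError; a blocking extension may instead return nothing,
// so the result is checked as well as the exception.
function probeSync(run) {
  try {
    return run() === 2 ? "allowed" : "blocked";
  } catch (err) {
    return "blocked";
  }
}

function probeEval() {
  return probeSync(() => eval("1 + 1"));
}

function probeFunctionConstructor() {
  return probeSync(() => new Function("return 1 + 1")());
}

// Timer sinks: a blocked string argument usually does not throw in the
// browser, it is silently dropped, so wait and see whether the marker was set.
function probeTimer(name, waitMs = 200) {
  const marker = "__evalProbe_" + name; // hypothetical marker property
  globalThis[marker] = false;
  return new Promise((resolve) => {
    let id;
    try {
      id = globalThis[name]("globalThis." + marker + " = true", 0);
    } catch (err) {
      return resolve("blocked"); // runtime rejects non-function callbacks
    }
    globalThis.setTimeout(() => {
      if (name === "setInterval") globalThis.clearInterval(id);
      const result = globalThis[marker] ? "allowed" : "blocked";
      delete globalThis[marker];
      resolve(result);
    }, waitMs);
  });
}

async function probeAll() {
  return {
    "eval()": probeEval(),
    "new Function()": probeFunctionConstructor(),
    "setTimeout(string)": await probeTimer("setTimeout"),
    "setInterval(string)": await probeTimer("setInterval"),
  };
}
```

Calling `probeAll().then(console.table)` prints one row per method; passing a function rather than a string to the timers is not probed because that form does not compile code from text.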