{"id":1302,"date":"2011-06-12T17:36:30","date_gmt":"2011-06-13T00:36:30","guid":{"rendered":"http:\/\/www.milfont.org\/tech\/?p=1302"},"modified":"2011-06-12T17:36:30","modified_gmt":"2011-06-13T00:36:30","slug":"eval-is-evil-3","status":"publish","type":"post","link":"https:\/\/www.milfont.org\/tech\/2011\/06\/12\/eval-is-evil-3\/","title":{"rendered":"Eval is Evil 3"},"content":{"rendered":"<p>Continuing our saga of <a href=\"http:\/\/www.milfont.org\/tech\/2011\/04\/04\/eval-is-evil-again\/\">avoiding Eval<\/a> and getting to know JavaScript better, I'm going to play with the following situation: parsing an HTML template written with the <a href=\"http:\/\/download.oracle.com\/javaee\/1.4\/tutorial\/doc\/JSPIntro7.html\">Expression Language from the JSP spec<\/a>.<\/p>\n<p>Imagine the following snippet:<\/p>\n<pre>&lt;c:if test=\"${sessionScope.cart.numberOfItems &gt; 0}\"&gt;\r\n\u00a0\u00a0...\r\n&lt;\/c:if&gt;<\/pre>\n<p>It is easy to build a map of all the expressions found between <strong>${<\/strong> and <strong>}<\/strong> and then call <strong>eval<\/strong> to process them, but since I want to avoid that call, what can we do?<\/p>\n<p>We find the answer in the <a href=\"https:\/\/developer.mozilla.org\/en\/JavaScript\/Reference\">Mozilla reference documentation<\/a>, specifically in the native <a href=\"https:\/\/developer.mozilla.org\/en\/JavaScript\/Reference\/Global_Objects\/Function\">Function<\/a> object,\u00a0where we can create a new Function passing its body as a string that will be executed when that function is called. 
I put together an example of how it works below:<\/p>\n<p><script src=\"https:\/\/gist.github.com\/1022154.js?file=eval_is_evil_3.js\"><\/script><br \/>\nIf you can't see it in your feed reader, <a href=\"https:\/\/gist.github.com\/1022154\">here is the GitHub link<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Continuing our saga of avoiding Eval and getting to know JavaScript better, I'm going to play with the following situation: parsing an HTML template written with the Expression Language from the JSP spec. 
Imagine the following snippet: &lt;c:if test=&#8221;${sessionScope.cart.numberOfItems &gt; 0}&#8221;&gt; \u00a0\u00a0&#8230; &lt;\/c:if&gt; It is easy to build a map of all the expressions found between ${ and } and then [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[23],"tags":[372],"_links":{"self":[{"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/posts\/1302"}],"collection":[{"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/comments?post=1302"}],"version-history":[{"count":5,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/posts\/1302\/revisions"}],"predecessor-version":[{"id":1307,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/posts\/1302\/revisions\/1307"}],"wp:attachment":[{"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/media?parent=1302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/categories?post=1302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.milfont.org\/tech\/wp-json\/wp\/v2\/tags?post=1302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}