mmattax mmattax - 4 months ago 20
Javascript Question

Executing JavaScript from Flex: Is this javascript function dangerous?

I have a flex application that needs the ability to generate and execute JavaScript. When I say this, I mean I need to execute raw JavaScript that I create in my Flex application (not just an existing JavaScript method)

I am currently doing this by exposing the following JavaScript method:

function doScript(js){ eval(js);}

I can then do something like this in Flex (note: I am doing something more substantial then an alert box in the real Flex app):"doScript","alert('foo'));

My question is does this impose any security risk, I am assuming it's not since the Flex and JasvaScript all run client side...

Is there a better way to do this?


There's no need for the JavaScript function, the first argument to ExternalInterface can be any JavaScript code, it doesn't have to be a function name (the documentation says so, but it is wrong).

Try this:"alert('hello')");