JavaScript Anti Eval Debugging

最新推荐文章于 2025-04-10 11:58:43 发布

w2sfot

最新推荐文章于 2025-04-10 11:58:43 发布

阅读量366

点赞数 4

分类专栏： JavaScript前端编程文章标签： javascript 开发语言 ecmascript

本文链接：https://blog.youkuaiyun.com/w2sft/article/details/144150285

版权

JavaScript前端编程专栏收录该内容

110 篇文章

订阅专栏

The proper use of eval is to execute a string of JavaScript code. However, it is also frequently used by code analyzers for debugging and analysis purposes: running certain functions with eval to get the return values and understand the execution results of the code.

How to implement anti-eval debugging and prevent code from being executed by eval? We can throw an error within a function and catch its stack trace, then check if the call stack contains eval. This way, we can identify whether the function was called through eval and take appropriate actions accordingly.

Example Code:

function checkIfEvalled() {
    try {
        throw new Error();
    } catch (e) {
        console.log(e.stack);
        if (e.stack.includes('eval')) {
            console.log("This function might have been called by eval.");
        } else {
            console.log("This function was not called by eval.");
        }
    }
}

// Normal call
checkIfEvalled();

// Call using eval
eval('checkIfEvalled();');

In actual application, to avoid the anti-eval logic being easily seen, one would not use console.log for notifications; instead, they could return an incorrect value or take other measures. Additionally, it's recommended to obfuscate and encrypt the code, such as using JS-Obfuscatorfor JavaScript code obfuscation.