Inspectopedia
 
2024.3

Execution of dynamically generated code

Warning
Security
New
Last modified: 03 December 2024

Reports a call of the eval(), setTimeout(), or setInterval() function or an allocation of a Function object. These functions are used to execute arbitrary strings of JavaScript text, which often dynamically generated. This can be very confusing, and may be a security risk.

Ignores the cases when a callback function is provided to these methods statically, without code generation.