Run a Javascript function stored in a string variable

Question

I have got the following function coming from an ajax call which is stored in a string variable.

obj.action="DisplayActivity('modalDisplay', 0, 4);"

I am trying to run it but without success. I tried with:

eval(obj.action);

and with:

window[obj.action]

Any ideas? Thanks.

For that eval to work, DisplayActivity should be defined somewhere. — ibrahim mahrir
– ibrahim mahrir, Commented Jan 15, 2019 at 23:47
Does DisplayActivity actually exist? You may be getting some errors in your console if it doesn't. — Jack Bashford
– Jack Bashford, Commented Jan 15, 2019 at 23:48
eval works, of course only if the function you are trying to call is in scope. window[obj.action] makes no sense. — Felix Kling
– Felix Kling, Commented Jan 15, 2019 at 23:49
yes, for sure. the function is already defined. I can run it just calling like that DisplayActivity('modalDisplay', 0, 4); in the same code section. but i need to invoke it from the variable cos it is coming from the server side. — D.B
– D.B, Commented Jan 15, 2019 at 23:51

NVRM · Accepted Answer · 2019-01-16 00:04:28Z

2

let s = "console.log('Hello '+a)",
call = new Function('a', s)

call('world!')

Make sure to avoid to call stuffs from a GET/POST or this will lead to be a typical xss, allowing to change your DOM from a special crafted link.

answered Jan 16, 2019 at 0:04

NVRM

13.5k2 gold badges102 silver badges102 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Nikita Malyschkin · Accepted Answer · 2019-01-16 00:07:16Z

1

I suppose it's a scoping problem.

Try:

eval("global.tmp = function(DisplayActivity){" + obj.action + "};");
global.tmp(DisplayActivity);

answered Jan 16, 2019 at 0:07

Nikita Malyschkin

6924 silver badges17 bronze badges