ajax333221

Reputation: 11764

How to execute script from an Input field on JS?

I want to execute a script from an editable input field when clicking a button.

For example, if you type "alert("x");", I want to alert you "x", but also if you type "for(i=0;i<3;i++){alert(i);}" I want it to execute it.

How can I achieve this?

Edit: Is eval() the only solution? Because I read that it is dangerous: https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/eval#section_5

Upvotes: 2

Views: 6164

Answers (4)

Pavel Podlipensky

Reputation: 8269

Please note that you're taking input from the user and running it in the context of a script on your site. So the script can do anything that JavaScript running on your browser/domain would have the ability to do (including cookie stealing, XSS, drive-by malware, etc.).

The only thing you can realistically do to mitigate the risks is to not eval() user-provided content. I'd suggest considering the following alternatives:

  1. Use an iframe as an environment to run the user's script: http://dean.edwards.name/weblog/2006/11/sandbox/
  2. Use Caja. It allows websites to safely embed DHTML web applications from third parties, and enables rich interaction between the embedding page and the embedded applications. It uses an object-capability security model to allow for a wide range of flexible security policies. http://code.google.com/p/google-caja/

Happy coding!

Upvotes: 5
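
The iframe approach from the answer above, sketched as an added example that is not part of the original answer or the linked article. It assumes a browser that supports the HTML5 iframe `sandbox` and `srcdoc` attributes; the function names are hypothetical.

```javascript
// Document loaded into the sandboxed frame. The user's code is never spliced
// into this markup; it arrives via postMessage and is evaluated in the
// frame's opaque origin, away from the embedding page's DOM and cookies.
function buildSandboxDoc() {
  return [
    '<!doctype html><meta charset="utf-8">',
    '<script>',
    'addEventListener("message", function (e) {',
    '  var reply = { id: e.data.id };',
    '  try { reply.result = String((0, eval)(e.data.code)); }',
    '  catch (err) { reply.error = String(err); }',
    '  e.source.postMessage(reply, "*");',
    '});',
    '<\/script>' // escaped so this file can itself sit in an inline <script>
  ].join('\n');
}

// Accept a reply only from our frame; a sandboxed frame without
// allow-same-origin reports its origin as the string "null".
function isSandboxReply(event, frameWindow, expectedId) {
  return event.source === frameWindow &&
    event.origin === 'null' &&
    event.data !== null && typeof event.data === 'object' &&
    event.data.id === expectedId;
}

// Browser only: run `code` in a throwaway frame, pass {result}|{error} to onDone.
function runInSandbox(code, onDone) {
  var frame = document.createElement('iframe');
  // allow-scripts only: no allow-same-origin, so no access to the parent.
  // alert() inside the frame additionally needs allow-modals.
  frame.setAttribute('sandbox', 'allow-scripts');
  frame.style.display = 'none';
  frame.srcdoc = buildSandboxDoc();
  var id = String(Date.now()) + ':' + Math.random();
  function onMessage(e) {
    if (!isSandboxReply(e, frame.contentWindow, id)) return;
    window.removeEventListener('message', onMessage);
    frame.remove();
    onDone(e.data);
  }
  window.addEventListener('message', onMessage);
  frame.onload = function () {
    frame.contentWindow.postMessage({ id: id, code: code }, '*');
  };
  document.body.appendChild(frame);
}
```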

pomaxa

Reputation: 1746

Use eval, like onclick="eval(document.getElementById('your_input').value)"

Upvotes: 0

angelfilm entertainment

Reputation: 1163

Use the eval() command and it will evaluate and execute the JavaScript you pass to it.

Upvotes: 1

Ruslan

Reputation: 3048

Try this one :) http://www.w3schools.com/jsref/jsref_eval.asp

Upvotes: 1
