Eval can be harmful (no-eval) How to fix.

[wdg]

Since "Eval can be harmful (no-eval)"

how can we parse this

        var js = change.getElementsByTagName('script')
        for (var i = 0, j = js.length; i < j; i++) {
          eval(js[i].innerHTML)
        }

(page is loaded via AJAX, so no scripts will be executed without eval)

Code Snippet

  function getViaAjax (url) {
    var xmlPhttp

    if (window.XMLHttpRequest) {
      xmlPhttp = new window.XMLHttpRequest() // code for IE7+, Firefox, Chrome, Opera, Safari
    } else {
      xmlPhttp = new window.ActiveXObject('Microsoft.XMLHTTP') // code for IE6, IE5
    }

    xmlPhttp.open('POST', url, true)
    xmlPhttp.setRequestHeader('Content-type', 'application/x-www-form-urlencoded')
    xmlPhttp.onreadystatechange = function () {
      if (xmlPhttp.readyState === 4 && xmlPhttp.status === 200) {
        document.getElementById('changeMe').innerHTML = xmlPhttp.responseText

        // JavaScript Fix!
        var js = change.getElementsByTagName('script')
        for (var i = 0, j = js.length; i < j; i++) {
          eval(js[i].innerHTML)
        }
      }
    }

[KevinGrandon]

Why don't you just appendChild on a script element and set the src to your URL. Why does it need to be done over ajax?

[Flet]

add this to the top of the file?

/*eslint-disable no-eval */

[wdg]

@KevinGrandon I'm loading a page.
wich may have javascript content in it.

@Flet Thanks

[dcousens]

@wesdegroot you could still use appendChild.