Given that the code string has a return
statement, eval
alone wouldn't work anyway, but you could use Function()
.
var result = Function(data.templateLabelEval)();
This has nearly all the same security concerns, but not so much the performance issues that eval has (or had). So of course, you should only execute code that is secure.
To explain the code, passing the string to the Function
constructor creates a new function object with that strings as its body. (I assume the function needs no parameters defined for now.) So the trailing ()
invokes the function immediately and the result is stored in result
.
You could store the function itself if you want, and then invoke it later as many times as you'd like.