Imagine that I accept a piece of code from a user and want to just check whether the given string is a valid JS or not? Just from the syntax perspective.

function checkCode(x){
// Logic

}
// returns a boolean, whether 'x' is syntactically right or wrong.

I don't want solutions with eval, since the whole nodejs process gets into a syntax error when the given code, 'x', is syntactically wrong.

asked Nov 20, 2013 at 13:50 by Cookies
  • 1 This is easy, you shouldn't! Accepting code from a user and inserting it into your serverside codebase is probably one of the worst things you can do? – adeneo Commented Nov 20, 2013 at 13:52
  • 1 As a sidenote, to check if the code is "runnable" you can just insert it into a try/catch block and catch any errors. – adeneo Commented Nov 20, 2013 at 13:53
  • 3 If it's gonna run in the user's browser then you could just eval it there without round-tripping through the server. try/catch should catch the error. Doing it directly will also give feedback to the user quicker. – Supr Commented Nov 20, 2013 at 14:07
  • 2 Even if the browser validates the javascript, do not send it to the server to be executed unless you don't care about security. – WiredPrairie Commented Nov 20, 2013 at 15:12
  • 3 @Skeptical Never perform validation on the client. Though I suppose based on this question that there are bigger flaws in your security. – Kendall Frey Commented Nov 20, 2013 at 20:56

4 Answers

To check that a string contains syntactically valid JavaScript without executing it (which would be an incredibly bad idea), you don't need a library; you may use the parser you already have in your JS engine:

try {
     new Function(yourString);
     // yourString contains syntactically correct JavaScript
} catch(syntaxError) {
     // There's an error, you can even display the error to the user
}

Of course this can be done server side.

Check this demonstration
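
The parse-without-running check from the answer above, written out for Node.js as an added example that is not part of the original thread. It also compiles the input with `vm.Script` to show that script grammar and function-body grammar differ (a top-level `return` passes only the latter); `MAX_SOURCE_LENGTH`, the helper names and the sample strings are assumptions.

```javascript
'use strict';
const vm = require('node:vm');

const MAX_SOURCE_LENGTH = 100000; // assumed cap on accepted input size

// Shared guard and error handling; `parse` must compile without running.
function tryParse(source, parse) {
  if (typeof source !== 'string' || source.length > MAX_SOURCE_LENGTH) {
    return { ok: false, error: 'input must be a string within the size cap' };
  }
  try {
    parse(source);
    return { ok: true, error: null };
  } catch (err) {
    if (err && err.name === 'SyntaxError') {
      return { ok: false, error: err.message };
    }
    throw err; // anything else is a bug here, not a user syntax error
  }
}

// Script grammar: vm.Script compiles the source; it only runs if a
// run* method is called, which this code never does.
function checkScript(source) {
  return tryParse(source, (s) => new vm.Script(s, { filename: 'user-input.js' }));
}

// Function-body grammar, as in the answer: the function object is built
// but never called, so the body does not execute.
function checkFunctionBody(source) {
  return tryParse(source, (s) => new Function(s));
}

// Boolean form asked for in the question, using script grammar.
function checkCode(x) {
  return checkScript(x).ok;
}

// Constructed sample inputs.
const samples = ['var a = 1;', 'var a = ;', 'return 1;', 'globalThis.ran = true;'];
for (const src of samples) {
  console.log(JSON.stringify(src), checkScript(src).ok, checkFunctionBody(src).ok);
}
```

A passing check says only that the text parses; it says nothing about what the code does if it is later run.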

Don't use eval; that is literally the same as handing over the control of your server to the public internet. Anyone can do anything with your server - delete files, leak files, send spam email and so on. I am shocked that the answer had received 3 upvotes by the time I noticed it.

Just use a Javascript parser like esprima http://esprima/

Here is a syntax validator example; it can even collect multiple errors: https://github.com/ariya/esprima/blob/master/demo/validate.js#L21-L41

If it's gonna run in the user's browser then you could just eval it there without round-tripping through the server. try/catch should catch the error. Doing it directly will also give feedback to the user quicker.

I already had some code lying around after an experiment. I modified it slightly and put it in a jsfiddle.

Basically just use try/catch:

try {
    eval('Invalid source code');
} catch(e) {
    alert('Error: '+e)
}

Perhaps you can try JSLint.

https://github.com/douglascrockford/JSLint

It's a little bit heavy but it works well.
