My projects aim is to create an application that do syntax checking of javascript and html. I am using Microsoft.Jscript reference to help in the checking.
Here is the code that I used to get the .js file and do a compilation so that it can generate errors if there is:

private JScriptCodeProvider provider = new JScriptCodeProvider();
private CompilerParameters parameters= new CompilerParameters();


public void Compile(string[] files)
	{
		foreach (string file in files)
		{
			using (StreamReader reader = File.OpenText(file))
			{
				string source = reader.ReadToEnd();
				CompilerResults results = provider.CompileAssemblyFromSource(parameters, source);

				foreach (CompilerError error in results.Errors)
				{
					  Messagebox.Show(error.ErrorText)//just an example of showing the error.
				}
                
			}
		}
	}

One problem is that I have to do additional features to my application like ensuring no eval function is present in the file. Can anyone tell me how to do so, or if there's a method in the Microsoft.Jscript namespace to do that, did some research on its library and can't seem to find. I was thinking of tapping in the namespace and try to access its list of functions(for e.g. for, function, if ,else, do while, eval). So if there is an eval function in the list, throw out the error. There is an Eval object in the namespace that I see can be a potential answer to my problem, but how do you make use to detect an eval function in the .js file?

Appreciate Thanks.

Recommended Answers

All 3 Replies

Assuming that eval will appear as text in the source string then you can use source.Contains("eval") to test for "eval".
Note: Contains does a case sensative test. So if it eval could be "Eval" then use source.LastIndexOf("eval", StringComparison.InvariantCultureIgnoreCase) which will return -1 if not found.

hi nick, I thought of using regular expression to do the checking, but one problem is that the person may comment the eval. So doing a .contains is quite hard code.

//eval(1+2)

Another thing to consider is that the syntax of the eval. Because eval needs to have brackets after "eval" eval(), then doing a .contains will also return true if the person didn't put eval but just a comment when in fact, it is not an eval function.
For example :

eval if (something)

although this syntax is already wrong itself, the application will detect as an eval. Thought of doing a regex like find a match after the word eval must have whitespace and two braces which may have parameters or not(this is quite hard).

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.