Why am i receiving this jsfiddle error, document.write can be a form of eval

Question

I am testing a code I found while reading a book. I get this error while testing it out in JS fiddle, document.write can be a form of eval.

     var text = '<html><body bgcolor=linen><p>' +
    'This is <b>bold<\/b>!<\/p><\/body><\/html>';

var tags = /[^<>]+|<(\/?)([A-Za-z]+)([^<>]*)>/g;
var a, i;
while ((a = tags.exec(text))) {
    for (i = 0; i < a.length; i += 1) {
        document.writeln(('// [' + i + '] ' + a[i]).entityify());
    }
    document.writeln();
}

I am getting the above JSfiddle warning on both lines with document.writeln().

[Why am I recieving the error 'document.write can be a form of eval'?](http://stackoverflow.com/questions/10609957/why-am-i-recieving-the-error-document-write-can-be-a-form-of-eval) — the system, Feb 24 '13 at 03:09
And more Q/A: [\[javascript\] document.write eval](http://stackoverflow.com/search?q=[javascript]+document.write+eval) — the system, Feb 24 '13 at 03:12

score 18 · Accepted Answer · edited May 23 '17 at 12:18

18

Note that this is a warning only - but a good one that should be respected. It is actually being generated by a checker called JSLint - and a good read for the reasoning of this warning is available at http://www.jameswiseman.com/blog/2011/03/31/jslint-messages-document-write-can-be-a-form-of-eval/.

Basically, the foundation of this is that "eval is evil" - and that document.write can be used to perform evaluations.

Besides this - and not mentioned in the above, avoid document.write whenever possible, except for maybe simple testing. It writes to the DOM after it is considered to be "complete", and modifications at this point should only be made using the supported DOM methods. Additional details concerning this are covered at Why is document.write considered a "bad practice"? - where it is mentioned that it is "Far better to use the safe and DOM friendly DOM manipulation methods" (document.createElement, element.appendChild, etc.). A good concrete example of this is available at https://developer.mozilla.org/en-US/docs/Web/API/Document_object_model/Using_the_W3C_DOM_Level_1_Core.

edited May 23 '17 at 12:18

Community

1
1

answered Feb 24 '13 at 03:09

ziesemer

26,239
8
80
90

4

Every one says this is evil or this is not good. But no one says you may use *what* instead of `document.write`. I am new to js, I met this problem, too. I still got no answer how to improve. – JW.ZG Feb 16 '16 at 07:43
@JW.ZG - as was mentioned, you should use the supported DOM methods instead. I've further expanded the answer with some additional specifics, including a link to a good concrete example that you may wish to reference. – ziesemer Feb 16 '16 at 13:17
Oh, sorry, I understand now. I didn't know `document.getElementById` is called DOM method, which actually has been introduced by my Prof. in the class. 囧 – JW.ZG Feb 16 '16 at 15:46
http://www.jameswiseman.com/blog/2011/03/31/jslint-messages-document-write-can-be-a-form-of-eval/ is apt ! – parasrish Mar 30 '17 at 11:52

Why am i receiving this jsfiddle error, document.write can be a form of eval

1 Answers1

Linked