Using JS eval to create a Javscript in-app console
I know eval() is a "dangerous" function since it allows any code to be run, but in a desktop app not attached to servers and where most of the main logic is still in c++ I would think this is not a big issue. A user might crash the app by entering ridiculous code, but I don't think an app could be hacked necessarily in using eval() in this way. And since c++ classes can expose selected member functions to QML it could give an app some interesting features.
Just curious about anyone's insights in this.
This is a valid use case and we have previously used this to demonstrate live coding at different occasions.
You can for instance check out a series of youtube videos that Andres Baldwin did showing off Qt 5 on the raspberry "Raspberry PI":https://www.youtube.com/watch?v=A-vBbqamNBU
In practice that demo is most likely using a Loader and not eval but the implications are of course similar.
Note that Qt will not provide you any form of sandboxing or access control like a web browser would. Any library or function exposed to Qt Quick in your app would also be accessible to the end user so it might be possible that the he would get access to supposedly secret things like app tokens or other users personal data. It all comes down to how your application is designed though.