Using JS eval to create a Javscript in-app console



  • The native presence of Javascript in Qt 5 is giving me a lot of brainstorming ideas. One of this is the ease of having a simple JS console right inside an app that allows text entered to be run through eval() for runtime coding. Has anyone thought of this or is this type of runtime console (not to be confused with the IDE console) already included in Qt?

    I know eval() is a "dangerous" function since it allows any code to be run, but in a desktop app not attached to servers and where most of the main logic is still in c++ I would think this is not a big issue. A user might crash the app by entering ridiculous code, but I don't think an app could be hacked necessarily in using eval() in this way. And since c++ classes can expose selected member functions to QML it could give an app some interesting features.

    Just curious about anyone's insights in this.



  • This is a valid use case and we have previously used this to demonstrate live coding at different occasions.

    You can for instance check out a series of youtube videos that Andres Baldwin did showing off Qt 5 on the raspberry "Raspberry PI":https://www.youtube.com/watch?v=A-vBbqamNBU

    In practice that demo is most likely using a Loader and not eval but the implications are of course similar.

    Note that Qt will not provide you any form of sandboxing or access control like a web browser would. Any library or function exposed to Qt Quick in your app would also be accessible to the end user so it might be possible that the he would get access to supposedly secret things like app tokens or other users personal data. It all comes down to how your application is designed though.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.