NO_EVAL

JavaScript's function is potentially dangerous, is often misused, and might cause security issues. Using on untrusted code can open an application up to several different injection attacks.

This rule will also catch eval-like function usage (or implied eval), such as passing a string as the first argument to .

This is especially dangerous when working with data from external sources.

For more information on why you should never use evaluation, see the MDN docs.

The lines below (and variations of those) will all be caught by this rule.

Conformance rules are not type-aware, but will follow variable references within the current module (or file).

Avoid usage of this type of evaluation entirely in your application. Instead, you should write the same functionality as raw code (not within a string).