RMMZ The root of all eval()

Lihinel

Veteran
Veteran
Joined
Nov 9, 2013
Messages
259
Reaction score
318
First Language
German
Primarily Uses
I am in the middle of reimplementing a battle system for the 4th time and I am thinking about using some eval() magic.
I know this is a big no-no when it comes to developing for the web, but since the rpgmaker itselft uses tons of eval in the objects js (and the plugins aren't encrypted anyway so anyone could just put in any malicious code anyway), it doesn't seem to be a problem.

So... any objections?

Background:
Many of the skills use have multiple conditions and side effects. I could use a lot of if/else/submethods/recursion and other ways to implement it, but it seems to be easier to use eval for some of the conditions, damage, status effect duration, and other computations. (I'd read the strings in from a json and use them in a method/scope that has variables for str, def etc. to manipulate)
 

Andar

Veteran
Veteran
Joined
Mar 5, 2013
Messages
31,266
Reaction score
7,633
First Language
German
Primarily Uses
RMMV
The problem is not eval itself, the problem is the source of the string that is eval'ed.

If you develop inside the web, there is a really high chance that someone else can send a string to be eval'ed, and construct that string in a way that it breaks your websites security structure.

However, the RM is a closed system where you are the only one entering strings to be eval'ed. So unless you're using a plugin that let's the player choose their damage formula or anything similiarly insane, there is no way that someone else can enter malcode by eval into your game.
 

Lihinel

Veteran
Veteran
Joined
Nov 9, 2013
Messages
259
Reaction score
318
First Language
German
Primarily Uses
Thanks, thats what I wanted confirmed.

I use eval on strings from a json.
If someone wants to mess with your game they could just alter the plugins or even the engines js so there doesn't seem to be any special additional danger to using eval.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Latest Threads

Latest Profile Posts

So I'm practicing ITC with a spirit box, and decide to try to contact my deceased soulmate. It actually gave me multiple identifiers. Me, still a bit skeptical, asked aloud "Fine but does he still love me?" and the box spoke and printed the word "Forever" at the same time. Been a mess of tears since. :kaocry:
Been scratching away at my game and making progress, but just had a revelation. I'm working in full screen and adjusting all my pictures accordingly, but will they resize if someone's screen is smaller?? I hope this doesn't turn out to be a problem later.
Why is there so much month left at the end of money? D=
Hello humans! How goes your day in this journey of living? I hope it is good, for I am human like you, and I am feeling great! Worship the altar.

Forum statistics

Threads
105,627
Messages
1,015,072
Members
137,287
Latest member
AKPoliandro
Top