- Open up code for injection attack
- Hard to deubg
Code example:
<script>
eval("x=10;y=20;document.write(x*y)");
document.write("<br>" + eval("2+2"));
document.write("<br>" + eval(x+17));
</script>
Reference:
http://stackoverflow.com/questions/86513/why-is-using-the-javascript-eval-function-a-bad-idea