@locker/eslint-plugin-unsafe-types
Detect usage of unsigned unsafe types.
# Disallow the use of unsigned `eval()` (`@locker/unsafe-types/unsafe-eval`)
<!-- end auto-generated rule header -->
A signed eval call is a call to `eval` whose argument is first passed through a signing method.
## Rule Details
The rule finds direct and indirect calls to `eval` and determines whether the argument is passed through the signing function.
It also tracks assignments throughout the code and determines whether those are signed as well.
The rule imposes a specific way to sign.
Any deviations, such as using computed member properties instead of the `.` notation, will be reported.
There are 2 ways to sign in Aura:
- if this is a component's code use: `$A.lockerService.restricted.createScript`
- if this is platform code use: `$A.lockerService.trusted.createScript`
Examples of **incorrect** code for this rule:
```js
eval('foo');
(0, eval)('foo');
```
Examples of **correct** code for this rule:
```js
// Aura
eval($A.lockerService.restricted.createScript('foo'));
(0, eval)($A.lockerService.restricted.createScript('foo'));
```
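The check described in Rule Details can be sketched over ESTree nodes as follows. This is an added example, not the plugin's own source: the helper names (`dottedName`, `isEvalCallee`, `isSigned`, `isUnsignedEval`) and the hand-built AST fragments are assumptions, and assignment tracking is left out.

```js
// Added illustration: a simplified form of the check, not the plugin's source.
// Works on ESTree nodes; assignment tracking is deliberately left out.
const SIGNERS = new Set([
  '$A.lockerService.restricted.createScript',
  '$A.lockerService.trusted.createScript',
]);

// Flatten a dot-notation chain (a.b.c) to "a.b.c"; null for any other shape.
function dottedName(node) {
  if (node.type === 'Identifier') return node.name;
  if (node.type === 'MemberExpression' && !node.computed) {
    const object = dottedName(node.object);
    return object === null ? null : `${object}.${node.property.name}`;
  }
  return null; // computed access, nested calls, literals
}

// Matches the direct callee `eval` and the indirect callee `(0, eval)`.
function isEvalCallee(callee) {
  const target = callee.type === 'SequenceExpression'
    ? callee.expressions[callee.expressions.length - 1]
    : callee;
  return target.type === 'Identifier' && target.name === 'eval';
}

// Signed means: the argument is itself a call to one of the two signers.
function isSigned(arg) {
  return Boolean(arg) && arg.type === 'CallExpression' && SIGNERS.has(dottedName(arg.callee));
}

// True when a CallExpression node should be reported.
function isUnsignedEval(node) {
  return node.type === 'CallExpression' && isEvalCallee(node.callee) && !isSigned(node.arguments[0]);
}

// Constructed sample input: hand-built ESTree fragments.
const id = (name) => ({ type: 'Identifier', name });
const lit = (value) => ({ type: 'Literal', value });
const member = (object, property, computed = false) => ({ type: 'MemberExpression', object, property, computed });
const call = (callee, ...args) => ({ type: 'CallExpression', callee, arguments: args });
const indirectEval = { type: 'SequenceExpression', expressions: [lit(0), id('eval')] };
// $A.lockerService.restricted.createScript, or $A['lockerService']... when computed
const signer = (computed = false) => member(member(member(id('$A'),
  computed ? lit('lockerService') : id('lockerService'), computed), id('restricted')), id('createScript'));

console.log(isUnsignedEval(call(id('eval'), lit('foo'))));
console.log(isUnsignedEval(call(indirectEval, call(signer(), lit('foo')))));
console.log(isUnsignedEval(call(id('eval'), call(signer(true), lit('foo')))));
```

The third sample uses `$A['lockerService']`, which fails the dot-notation match and is therefore treated as unsigned, mirroring the rule's stance on computed member properties.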
## When Not To Use It
When eval is not a concern in the codebase.
## Further Reading
Original no-eval rule [documentation](https://github.com/eslint/eslint/blob/main/docs/src/rules/no-eval.md).
Original no-eval rule [source code](https://github.com/eslint/eslint/blob/main/lib/rules/no-eval.js) and [tests](https://github.com/eslint/eslint/blob/main/tests/lib/rules/no-eval.js).