The JavaScript uses Eval?

I exported a game in HTML5 mode and I noticed some of the JavaScript code makes use of the eval method. The eval method breaks the content security policy on our website, however the game I exported doesn’t seem to make use of it at all.

Is there a reason for using eval and how I can avoid coding something that might make use of the function in exported HTML5 versions of a game?

We don’t really use eval very much, it appears it may be used in one of the following cases:

  1. Using ExternalInterface.call
  2. Using openfl.display.Loader to load a JavaScript file
  3. Using JS frame scripts in openfl.display.MovieClip, but there is no public API exposing that functionality (at the moment)

These are unusual cases, so you should not be running into eval use in your project, probably :slight_smile:

1 Like

You may be able to remove the eval() calls using dead code elimination. To enable this (and minify your code while you’re at it), compile using the -final flag. If you want DCE without minification, use -dce full instead.

1 Like