As repeatedly said, it is considered bad practice to use the Function constructor (also see the ECMAScript Language Specification, 5th edition, § 15.3.2.1):
new Function ([arg1[, arg2[, … argN]],] functionBody)
(where all arguments are strings containing argument names and the last (or only) string contains the function body).
To recapitulate, it is said to be slow, as explained by the Opera team:
Each time […] the
Function
constructor is called on a string representing source code, the script engine must start the machinery that converts the source code to executable code. This is usually expensive for performance – easily a hundred times more expensive than a simple function call, for example. (Mark ‘Tarquin’ Wilton-Jones)
Though it's not that bad, according to this post on MDC (I didn't test this myself using the current version of Firefox, though).
Crockford adds that
[t]he quoting conventions of the language make it very difficult to correctly express a function body as a string. In the string form, early error checking cannot be done. […] And it is wasteful of memory because each function requires its own independent implementation.
Another difference is that
a function defined by a Function constructor does not inherit any scope other than the global scope (which all functions inherit). (MDC)
Apart from this, you have to be attentive to avoid injection of malicious code, when you create a new Function
using dynamic contents.
That said, T.J. Crowder says in an answer that
[t]here's almost never any need for the similar […] new Function(...), either, again except for some advanced edge cases.
So, now I am wondering: what are these “advanced edge cases”? Are there legitimate uses of the Function constructor?
This is a separate case from my other answer.
I used the Function constructor a while back to create custom string formatters that were being called repeatedly. The overhead of creating the function (which I take it is the performance issue you're talking about) was far outweighed by the improved performance of the custom-built functions, which were created at runtime specifically to process a particular format string, and therefore did not need to evaluate tons of irrelevant cases — or parse a format string, for that matter. It's a bit like compiling a regular expression, I suppose.
The only legitimate use I have come for it is when I wrote this:
The code allows you to use
Function.prototype.apply
while 'using' thenew
keyword.Example:
jQuery uses it to parse JSON strings when a JSON parser object is not available. Seems legit to me :)
John Resig used the Function constructor to create "compiled" versions of client-side templates written in an asp syntax. http://ejohn.org/blog/javascript-micro-templating/
I use the
new Function()
constructor as an in-line JS interpreter in one of the web apps I'm developing:As I get stuff streaming over AJAX (not an iframe), I continuously
interpret()
it onreadyStateChange == 3
. This works surprisingly well.Edit: here's a clear case study that shows that
new Function()
is categorically faster thaneval()
. I.e. you should never (rarely?) use eval in lieu ofnew Function()
.http://polyfx.com/stuff/bsort.html <- the 1000 iteration version, may crash your browser
http://polyfx.com/stuff/bsort10.html <- the shorter version
Eval is on average, almost 8 times slower than
new Function()
.You might want to execute a string of code more than once. Using the Function constructor means that you only have to compile it once.
You might want to pass arguments to the code, for instance if you're polyfilling an event you can retrieve the event attribute and construct a Function expecting an event argument.
You can combine the two and compile it in one location and execute it at another and still manage to pass arguments in the variables that the string of code expects.