Can you use eval() in p5js?

is the eval() function available for p5js?

Yes. See:

It is available in JavaScript, and works in p5.js.

1 Like

for future reference, are there any javascript functions that are not in p5.js?

1 Like

p5.js is a JS library for browsers (frontend).

You can look up here for what’s available in JS out-of-the-box:

1 Like

An online p5.js + dat.gui sketch using eval():

That’s an interesting question. Since when we are using the p5.js library, we are using JavaScript, all the JavaScript functions could potentially be available to us. However, in JavaScript, anyone can overwrite names, including the names of functions.

In the following, eval has been overwritten:

function setup() {
  createCanvas(89, 55);
  textAlign(CENTER, CENTER);

function draw() {
  text(eval(7), width / 2, height / 2);

function eval(n) {
  // redefine the JavaScript eval function
  return n * n * n;


So, to answer your question, we could check all of the p5.js library documentation to see whether any JavaScript function names have been redefined. Perhaps someone here already knows whether that is the case.


That is the case for the p5::print() method, which overrides Window::print():

So besides JS builtins we also have Window methods available in the global context when using a browser (frontend):


However, the implementation of the p5.js print() function preserves the behavior of the global built in function by calling the original function when no arguments are specified:

_windowPrint = window.print;
p5.prototype.print = function(...args) {
  if (!args.length) {
  } else {

I thought eval() was retired years ago because of being a dangerous function, as an attack vector.

Years avoiding it and suddenly I find it is still available.

Does it mean you can program a worksheet in js/p5js?

eval() was never “retired” it’s just that its use is discouraged because 1) it is very easy to create a security vulnerability when using it, and 2) there are plenty of things for which one could use eval() but which have better solutions (both in terms of performance and security).

If by “worksheet” you mean a spreadsheet like program, then certainly, this would be possible with or without eval(). In order to support formulas in a spreadsheet you can either write an interpreter to process formulae, or you can write some code that transpiles/sanitizes formulae into JavaScript which can be executed with eval(). But what you absolutely would not want to do is simply eval() user input as JavaScript. Technically there’s nothing wrong with doing this if user A only ever runs user A’s JavaScript (although they could write some JavaScript that would crash your page which would be a bad user experience), however, what would be very bad would to let user A write some JavaScript that you then eval() in user B’s browser (say because you allow users to save and share spreadsheets). This would let user A do things like steal user B’s credentials or personal information, inject ads into user B’s page, or to use user B’s browser tab for nefarious purposes.