Executing Dynamic Script Using Eval

[Chris Wiederspan]

I've built a very small script that goes like this...

function main() {

  var response = UrlFetchApp.fetch("https://.../script.js");

  var script = response.getContentText();

  eval(script);

}

As you can imagine, the script.js file is a script that's built dynamically on-the-fly as the file is downloaded by the Google AdWords runtime.

I have already proven this works within the system, so I'm really just looking for any commentary from Google as to whether this approach is "approved"? I don't want to build a system around this idea and then have Google clampdown on this functionality. Of course, all of the script that gets eval-ed is valid, legal javascript code, so there really isn't any security issue here that I can see. But, again, just want to make sure this is copacetic before I go too far down this rabbit hole.

Thanks in advance!

[Kevin Winter (AdWords Scripts Team)]

Hi Chris,

  This approach is "approved" inasmuch as we don't forbid it, but as I'm sure you realize, there are many drawbacks to evaluating raw scripts in this manner.  I'm not aware of any plans to prevent this from working.

- Kevin Winter

AdWords Scripts Team