Skip to main content
Version: 3.28.0

Function()

The Function() constructor creates a new Function object. Calling the constructor directly can create functions dynamically, but suffers from security and similar (but far less significant) performance issues as eval(). However, unlike eval (which may have access to the local scope), the Function constructor creates functions which execute in the global scope only.

Syntax

new Function(functionBody)
new Function(arg0, functionBody)
new Function(arg0, arg1, functionBody)
new Function(arg0, arg1, /* … ,*/ argN, functionBody)

Function(functionBody)
Function(arg0, functionBody)
Function(arg0, arg1, functionBody)
Function(arg0, arg1, /* … ,*/ argN, functionBody)

Note: Function() can be called with or without new. Both create a new Function instance.

Parameters

  • argN optional

    • : Names to be used by the function as formal argument names. Each must be a string that corresponds to a valid JavaScript parameter (any of plain identifier, rest parameter, or destructured parameter, optionally with a default), or a list of such strings separated with commas.

      As the parameters are parsed in the same way as function expressions, whitespace and comments are accepted. For example: "x", "theValue = 42", "[a, b] /* numbers */" — or "x, theValue = 42, [a, b] /* numbers */". ("x, theValue = 42", "[a, b]" is also correct, though very confusing to read.)

  • functionBody

    • : A string containing the JavaScript statements comprising the function definition.

Description

Function objects created with the Function constructor are parsed when the function is created. This is less efficient than creating a function with a function expression or function declaration and calling it within your code, because such functions are parsed with the rest of the code.

All arguments passed to the function, except the last, are treated as the names of the identifiers of the parameters in the function to be created, in the order in which they are passed. The function will be dynamically compiled as a function expression, with the source assembled in the following fashion:

`function anonymous(${args.join(",")}
) {
${functionBody}
}`

This is observable by calling the function's toString() method.

However, unlike normal function expressions, the name anonymous is not added to the functionBody's scope, since functionBody only has access the global scope. If functionBody is not in strict mode (the body itself needs to have the "use strict" directive since it doesn't inherit the strictness from the context), you may use arguments.callee to refer to the function itself. Alternatively, you can define the recursive part as an inner function:

const recursiveFn = new Function("count", `
(function recursiveFn(count) {
if (count < 0) {
return;
}
console.log(count);
recursiveFn(count - 1);
})(count);
`);

Note that the two dynamic parts of the assembled source — the parameters list args.join(",") and functionBody — will first be parsed separately to ensure they are each syntactically valid. This prevents injection-like attempts.

new Function("/*", "*/) {");
// SyntaxError: Unexpected end of arg string
// Doesn't become "function anonymous(/*) {*/) {}"