Remove dependency on eval() - fixes #190.5.4

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

5 files changed, 15 insertions, 11 deletions

diff --git a/README.md b/README.md
index 43fc71a..d00f920 100644
--- a/README.md
+++ b/README.md
@@ -97,6 +97,12 @@ Versions
 --------
 
 <dl>
+  <dt>0.5.4</dt>
+  <dd>
+    <ul>
+      <li>do not use `eval()` anymore (#19)</li>
+    </ul>
+  </dd>
   <dt>0.5.3</dt>
   <dd>
     <ul>
diff --git a/bower.json b/bower.json
index 5f1755e..9ebfa4e 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
   "name": "strengthify",
-  "version": "0.5.3",
+  "version": "0.5.4",
   "homepage": "https://github.com/MorrisJobke/strengthify",
   "authors": [
     "Eve Ragins <eve.ragins@eve-corp.com",
diff --git a/jquery.strengthify.js b/jquery.strengthify.js
index c1d7765..6a78a7c 100644
--- a/jquery.strengthify.js
+++ b/jquery.strengthify.js
@@ -2,7 +2,7 @@
  * Strengthify - show the weakness of a password (uses zxcvbn for this)
  * https://github.com/MorrisJobke/strengthify
  *
- * Version: 0.5.3
+ * Version: 0.5.4
  * Author: Morris Jobke (github.com/MorrisJobke) - original
  *         Eve Ragins @ Eve Corp (github.com/eve-corp)
  *
@@ -207,13 +207,11 @@
 
                 $elem.parent().on('scroll', drawSelf);
 
-                $.ajax({
-                    cache: true,
-                    url: options.zxcvbn
-                }).done(function(content) {
-                    eval(content);
-                    $elem.bind('keyup input change', drawSelf);
-                });
+                var script = document.createElement("script");
+                script.src = options.zxcvbn;
+                document.head.appendChild(script);
+
+                $elem.bind('keyup input change', drawSelf);
             };
 
             init.call(this);
diff --git a/jquery.strengthify.min.js b/jquery.strengthify.min.js
index 8cf2241..ede9739 100644
--- a/jquery.strengthify.min.js
+++ b/jquery.strengthify.min.js
@@ -1 +1 @@
-!function($){$.fn.strengthify=function(paramOptions){"use strict";var defaults={zxcvbn:"zxcvbn/zxcvbn.js",titles:["Weakest","Weak","So-so","Good","Perfect"],tilesOptions:{tooltip:!0,element:!1},drawTitles:!1,drawMessage:!1,drawBars:!0,$addAfter:null};return this.each(function(){var options=$.extend(defaults,paramOptions);function getWrapperFor(t){return $('div[data-strengthifyFor="'+t+'"]')}function drawStrengthify(){var t=$(this).val(),e=$(this).attr("id"),s=""===t?0:1,a=zxcvbn(t),r="",i="",o="",n=getWrapperFor(e),d=n.find(".strengthify-container"),l=n.find("[data-strengthifyMessage]");switch(n.children().css("opacity",s).css("-ms-filter",'"progid:DXImageTransform.Microsoft.Alpha(Opacity='+100*s+')"'),options.onResult&&options.onResult(a),a.score){case 0:case 1:r="password-bad",i="danger",o=a.feedback?a.feedback.suggestions.join("<br/>"):"";break;case 2:i="warning",o=a.feedback?a.feedback.suggestions.join("<br/>"):"",r="password-medium";break;case 3:r="password-good",i="info",o="Getting better.";break;case 4:r="password-good",i="success",o="Looks good."}l&&(l.removeAttr("class"),l.addClass("bg-"+i),""===t&&(o=""),l.html(o)),d&&(d.attr("class",r+" strengthify-container").css("width",25*(0===a.score?1:a.score)+"%"),""===t&&d.css("width",0)),options.drawTitles&&(options.tilesOptions.tooltip&&(n.attr("title",options.titles[a.score]).tooltip({placement:"bottom",trigger:"manual"}).tooltip("fixTitle").tooltip("show"),0===s&&n.tooltip("hide")),options.tilesOptions.element&&n.find(".strengthify-tiles").text(options.titles[a.score]))}function init(){var $elem=$(this),elemId=$elem.attr("id"),drawSelf=drawStrengthify.bind(this),$addAfter=options.$addAfter;$addAfter||($addAfter=$elem),$addAfter.after('<div class="strengthify-wrapper" data-strengthifyFor="'+$elem.attr("id")+'"></div>'),options.drawBars&&getWrapperFor(elemId).append('<div class="strengthify-bg" />').append('<div class="strengthify-container" />').append('<div class="strengthify-separator" style="left: 25%" />').append('<div class="strengthify-separator" style="left: 50%" />').append('<div class="strengthify-separator" style="left: 75%" />'),options.drawMessage&&getWrapperFor(elemId).append("<div data-strengthifyMessage></div>"),options.drawTitles&&options.tilesOptions&&getWrapperFor(elemId).append('<div class="strengthify-tiles"></div>'),$elem.parent().on("scroll",drawSelf),$.ajax({cache:!0,url:options.zxcvbn}).done(function(content){eval(content),$elem.bind("keyup input change",drawSelf)})}options.drawTitles||options.drawMessage||options.drawBars||console.warn("expect at least one of 'drawTitles', 'drawMessage', or 'drawBars' to be true"),init.call(this)})}}(jQuery);
\ No newline at end of file
+(function($){$.fn.strengthify=function(paramOptions){"use strict";var defaults={zxcvbn:'zxcvbn/zxcvbn.js',titles:['Weakest','Weak','So-so','Good','Perfect'],tilesOptions:{tooltip:true,element:false},drawTitles:false,drawMessage:false,drawBars:true,$addAfter:null};return this.each(function(){var options=$.extend(defaults,paramOptions);if(!options.drawTitles&&!options.drawMessage&&!options.drawBars){console.warn("expect at least one of 'drawTitles', 'drawMessage', or 'drawBars' to be true")}function getWrapperFor(id){return $('div[data-strengthifyFor="'+id+'"]')};function drawStrengthify(){var password=$(this).val(),elemId=$(this).attr('id'),opacity=(password==='')?0:1,result=zxcvbn(password),css='',bsLevel='',message='',$wrapper=getWrapperFor(elemId),$container=$wrapper.find('.strengthify-container'),$message=$wrapper.find('[data-strengthifyMessage]');$wrapper.children().css('opacity',opacity).css('-ms-filter','"progid:DXImageTransform.Microsoft.Alpha(Opacity='+opacity*100+')"');if(options.onResult){options.onResult(result)}switch(result.score){case 0:case 1:css='password-bad';bsLevel='danger';message=result.feedback?result.feedback.suggestions.join('<br/>'):"";break;case 2:bsLevel='warning';message=result.feedback?result.feedback.suggestions.join('<br/>'):"";css='password-medium';break;case 3:css='password-good';bsLevel='info';message="Getting better.";break;case 4:css='password-good';bsLevel='success';message="Looks good.";break}if($message){$message.removeAttr('class');$message.addClass('bg-'+bsLevel);if(password===''){message=''}$message.html(message)}if($container){$container.attr('class',css+' strengthify-container').css('width',((result.score===0?1:result.score)*25)+'%');if(password===''){$container.css('width',0)}}if(options.drawTitles){if(options.tilesOptions.tooltip){$wrapper.attr('title',options.titles[result.score]).tooltip({placement:'bottom',trigger:'manual'}).tooltip('fixTitle').tooltip('show');if(opacity===0){$wrapper.tooltip('hide')}}if(options.tilesOptions.element){$wrapper.find(".strengthify-tiles").text(options.titles[result.score])}}};function init(){var $elem=$(this),elemId=$elem.attr('id');var drawSelf=drawStrengthify.bind(this);var $addAfter=options.$addAfter;if(!$addAfter){$addAfter=$elem}$addAfter.after('<div class="strengthify-wrapper" data-strengthifyFor="'+$elem.attr('id')+'"></div>');if(options.drawBars){getWrapperFor(elemId).append('<div class="strengthify-bg" />').append('<div class="strengthify-container" />').append('<div class="strengthify-separator" style="left: 25%" />').append('<div class="strengthify-separator" style="left: 50%" />').append('<div class="strengthify-separator" style="left: 75%" />')}if(options.drawMessage){getWrapperFor(elemId).append('<div data-strengthifyMessage></div>')}if(options.drawTitles&&options.tilesOptions){getWrapperFor(elemId).append('<div class="strengthify-tiles"></div>')}$elem.parent().on('scroll',drawSelf);var script=document.createElement("script");script.src=options.zxcvbn;document.head.appendChild(script);$elem.bind('keyup input change',drawSelf)};init.call(this);})}}(jQuery));
\ No newline at end of file
diff --git a/strengthify.css b/strengthify.css
index a3710e5..f94e9cc 100644
--- a/strengthify.css
+++ b/strengthify.css
@@ -1,7 +1,7 @@
 /**
  * Strengthify - show the weakness of a password (uses zxcvbn for this)
  * https://github.com/MorrisJobke/strengthify
- * Version: 0.5.3
+ * Version: 0.5.4
  * License: The MIT License (MIT)
  * Copyright (c) 2013-2016 Morris Jobke <morris.jobke@gmail.com>
  */