Example code of a Node.js application vulnerable to an injection attack. Just as in a client-side context, the call to eval, on line 8, must be considered dangerous [7] and makes the example vulnerable to an injection attack.