No Compromise with Security: AB Tasty’s Commitment to Safe Experimentation
At AB Tasty, we believe security should never be an afterthought. That’s why we’ve taken a major step forward by removing the use of JavaScript’s eval() function from our platform.
While eval() was once a common way to execute dynamic code for A/B testing, it’s now widely recognized as a security risk—vulnerable to code injection attacks and often blocked by strict Content Security Policies (CSPs).
What does this mean for you?
- Our platform is now fully compatible with even the strictest CSPs.
- The risk of code injection and related vulnerabilities is dramatically reduced.
- You get a safer, more robust experimentation environment—no exceptions or workarounds needed.
What Is eval() and Why Is It Considered Unsafe?
eval() is a native JavaScript function that takes a string of code and executes it as if it were written directly in the script. This flexibility makes it convenient for scenarios where dynamic execution is needed—such as A/B testing, where variations are generated on the fly. However, eval() is often considered a security risk because:
- It executes code without validation, making it a potential gateway for malicious scripts.
- It is vulnerable to code injection attacks, which can compromise a website’s security.
- Many modern security policies, including Content Security Policies (CSPs), explicitly prohibit or restrict the use of eval().
Security at Every Level
Our commitment to security goes far beyond code execution. Here’s how we keep your data and your business safe:
- Data Protection: All data is encrypted in transit and stored securely on Google Cloud infrastructure.
- Access Management: Only a select, authorized team can access customer data, with all access logged and regularly reviewed.
- Authentication & Permissions: We support strong password policies, multi-factor authentication, and role-based access control.
- Continuous Monitoring: Regular security audits, penetration tests, and real-time monitoring ensure ongoing protection.
- Incident Response: We have clear procedures for managing and communicating any security incidents.
Choosing AB Tasty: A Safer Choice in A/B Testing
Security-conscious businesses now have an additional reason to choose AB Tasty over other Customer Experience Optimization providers. While some major providers still rely on eval(), our eval()-free approach offers a safer alternative without compromising performance.
By proactively adapting to modern security standards, AB Tasty ensures that our clients can run experiments without worrying about security vulnerabilities or policy restrictions.
The Future of Secure A/B Testing
Security and performance go hand in hand. At AB Tasty, we continuously evolve to meet the highest standards of safety and efficiency. Removing eval() is just one of the many steps we take to provide a secure, high-performance CRO experience.
If you’re looking for a compliant, secure, and high-performing experimentation platform, AB Tasty is the solution. Contact us today to learn more about how we can help you optimize your website—safely and effectively.
FAQs about security and privacy at AB Tasty:
Why is the removal of eval() important for security?
eval() can execute any code, making it a target for code injection attacks. By removing it, AB Tasty eliminates a major security risk and ensures compatibility with strict Content Security Policies.
Will this change affect the performance or flexibility of my experiments?
No. The processing is fully optimized on AB Tasty’s side and completely transparent for you. Tests remain fast, lightweight, and without any impact on page performance.
Do we need to do anything on our IT side?
Nothing at all. No CSP rule to adjust. Integration is now simpler than ever.
What makes AB Tasty more secure than other A/B testing platforms?
AB Tasty has eliminated the use of JavaScript’s eval() function, reducing the risk of code injection and making our platform fully compatible with strict Content Security Policies (CSPs). We also use strong encryption, access controls, and regular security audits.
How does AB Tasty compare to other A/B testing tools like Optimizely or VWO in terms of security?
Unlike some competitors, AB Tasty does not require exceptions for unsafe code execution, making it easier to deploy in secure environments and reducing risk.
