
Keep in mind that read-string, eval, and load-string are all exploit vectors. Read-string exposes you to the #= eval macro, which can execute arbitrary code at read time, as well as various vulnerabilities with object construction.

Eval executes the data it receives without any sandboxing or sanity checking; any data that has ever had any user influence should be suspect. 9 times out of 10, if you're using eval, you should be using a function reference.

Load-string is likewise vulnerable to the eval macro and constructor attack vectors.

clojure.edn offers safe versions of read and read-string that do not use the eval macro. You can get load-string equivalent behavior by wrapping the string in a StringReader and then clojure.edn/reading it until eof. If you're reading data that's had any influence from an end user, always use the clojure.edn facilities, and never eval it.
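The edn-based load-string replacement described above (StringReader, then clojure.edn/read until eof), as an added example that is not from the comment's author; the sample input and the function names are constructed for illustration:

```clojure
(ns edn-safe-read
  (:require [clojure.edn :as edn])
  (:import [java.io PushbackReader StringReader]))

;; Constructed sample input: two ordinary data forms followed by a #= form.
;; clojure.core/read-string would run the #= form at read time, before any
;; eval is ever called; clojure.edn has no #= dispatch macro and throws.
(def untrusted-input "{:user \"alice\"} [1 2 3] #=(+ 1 2)")

(defn read-all-edn
  "Read-only counterpart of load-string: wrap the string in a StringReader
   (edn/read needs a PushbackReader on top of it) and read every form until
   EOF. Forms are returned as data; nothing is evaluated."
  [s]
  (with-open [rdr (PushbackReader. (StringReader. s))]
    (let [eof (Object.)]                       ; unique sentinel for EOF
      (loop [forms []]
        (let [form (edn/read {:eof eof} rdr)]
          (if (identical? form eof)
            forms
            (recur (conj forms form))))))))

(defn read-all-edn-safely
  "Returns {:ok forms} for well-formed edn, or {:error message} when the
   reader rejects the input (for example on a #= or other unknown dispatch)."
  [s]
  (try
    {:ok (read-all-edn s)}
    (catch RuntimeException e
      {:error (.getMessage e)})))

(comment
  ;; Rejected as a whole: the #= form makes edn/read throw, so no form
  ;; from this input is evaluated or even returned.
  (read-all-edn-safely untrusted-input)
  ;; Plain data reads fine, as a vector of forms, with no evaluation.
  (read-all-edn "{:user \"alice\"} [1 2 3]"))
```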
