A proper solution really is a separate VM that isolates the complete
environment watertight and by default denies all interactions except for
those which have been defined as interaction points (alas it would also see
to it that a DoS attack with a while(1){} appropriately times out).

Anything else is really just a hack with security holes waiting to be
discovered.

On Mon, Dec 1, 2014 at 10:35 AM, Michał Wadas <[email protected]> wrote:

> Creating a secure implementation of eval without creating your own
> interpreter (or sophisticated operations on the AST) is almost impossible - it
> would require copying the whole environment and providing mocks for any
> possibly dangerous function.
> At least O(n^2) complexity without ES6 Map.
>
> _______________________________________________
> es-discuss mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/es-discuss