Thanks,
If you blacklist. Blacklisting or whitelisting, that’s an open discussion. Yet you're providing a library that does just that Because that’s a “user land” library and currently the only way is with “AST filtering”, apart from compiling a complete runtime, with Emscripten or else. Claude From: Mike Samuel <[email protected]> Sent: Friday, June 22, 2018 4:46 PM To: doodad-js Admin <[email protected]> Cc: Isiah Meadows <[email protected]>; es-discuss <[email protected]> Subject: Re: FW: Proposal: safeEval On Fri, Jun 22, 2018, 4:21 PM doodad-js Admin <[email protected] <mailto:[email protected]> > wrote: you've provided no reason to believe that opcode filtering would provide a better balance between security and ease of writing than AST filtering AST filtering is fragile because every change on the language can break it. If you blacklist. Yet you're providing a library that does just that and have still provided no reason to believe that an opcode filtering proposal would be both more secure and less brittle. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com --- This email has been checked for viruses by AVG. https://www.avg.com
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
