“Blacklisting or whitelisting, that’s an open discussion”: It really isn't.
So for you, blacklisting or whitelisting is not opened to a discussion? No it isn't. As I mentioned earlier, a combination of source code rewriting, out of language isolation, and special purpose libraries have a better track record than AST filtering for general purpose programming languages. So, you don’t want JS code interpretation inside “user reports formulas”, “template engines”, “compiler tools”, ...? Claude From: Mike Samuel <[email protected]> Sent: Friday, June 22, 2018 5:06 PM To: doodad-js Admin <[email protected]> Cc: Isiah Meadows <[email protected]>; es-discuss <[email protected]> Subject: Re: FW: Proposal: safeEval On Fri, Jun 22, 2018, 4:56 PM doodad-js Admin <[email protected] <mailto:[email protected]> > wrote: Thanks, If you blacklist. Blacklisting or whitelisting, that’s an open discussion. It really isn't. Yet you're providing a library that does just that Because that’s a “user land” library and currently the only way is with “AST filtering”, apart from compiling a complete runtime, with Emscripten or else. No it isn't. As I mentioned earlier, a combination of source code rewriting, out of language isolation, and special purpose libraries have a better track record than AST filtering for general purpose programming languages. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com --- This email has been checked for viruses by AVG. https://www.avg.com
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
