On Fri, Jun 22, 2018, 5:30 PM doodad-js Admin <dooda...@gmail.com> wrote:
> *“Blacklisting or whitelisting, that’s an open discussion”: It really > isn't.* > > > > So for you, blacklisting or whitelisting is not opened to a discussion? > No. Case based reasoning doesn't work when the partition of cases can't be enumerated so if we want confidence in our tools we ought prefer whitelisting. *No it isn't. As I mentioned earlier, a combination of source code > rewriting, out of language isolation, and special purpose libraries have a > better track record than AST filtering for general purpose programming > languages.* > > > > So, you don’t want JS code interpretation inside “user reports formulas”, > “template engines”, “compiler tools”, ...? > This is silly. I can want these without wanting them built using substandard tools. > > Claude > > > > > > *From:* Mike Samuel <mikesam...@gmail.com> > *Sent:* Friday, June 22, 2018 5:06 PM > *To:* doodad-js Admin <dooda...@gmail.com> > *Cc:* Isiah Meadows <isiahmead...@gmail.com>; es-discuss < > es-discuss@mozilla.org> > *Subject:* Re: FW: Proposal: safeEval > > > > > > On Fri, Jun 22, 2018, 4:56 PM doodad-js Admin <dooda...@gmail.com> wrote: > > Thanks, > > > > *If you blacklist.* > > > > Blacklisting or whitelisting, that’s an open discussion. > > It really isn't. > > > > *Yet you're providing a library that does just that* > > > > Because that’s a “user land” library and currently the only way is with > “AST filtering”, apart from compiling a complete runtime, with Emscripten > or else. > > No it isn't. As I mentioned earlier, a combination of source code > rewriting, out of language isolation, and special purpose libraries have a > better track record than AST filtering for general purpose programming > languages. > > > > > > > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > > Virus-free. www.avg.com > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > > >
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss