But I doubt it can be foolproof without the runtime’s help.
I found a way: AST filtering with rewriting, so that “obj[key]” will get rewritten to “safeEval.get(obj, key)”. That is now part of my TODO list for “@doodad-js/safeeval”. For the moment, I block the dynamic property accessor operator (“obj[key]”), and the rewriting must be manual.

Claude

From: doodad-js Admin <[email protected]>
Sent: Friday, June 22, 2018 7:29 PM
To: [email protected]
Cc: 'Isiah Meadows' <[email protected]>; 'es-discuss' <[email protected]>
Subject: RE: FW: Proposal: safeEval

For the last time, why do you believe opcode filtering can?

Because, to my knowledge, AST filtering is more subject to break than “opcode” filtering. If that’s not the case, please help me to provide a better “safeEval” by reporting issues of my library directly to me. But I doubt it can be foolproof without the runtime’s help.

Claude

From: Mike Samuel <[email protected]>
Sent: Friday, June 22, 2018 6:53 PM
To: doodad-js Admin <[email protected]>
Cc: Isiah Meadows <[email protected]>; es-discuss <[email protected]>
Subject: Re: FW: Proposal: safeEval

On Fri, Jun 22, 2018, 6:51 PM doodad-js Admin <[email protected]> wrote:

This is silly. I can want these without wanting them built using substandard tools.

That’s the point why I bring it to ES. Nothing on the “user land” can provide something reliable, apart from a complete JS runtime library compiled to “WASM” or “asm.js”.

And... that’s silly. For the last time, why do you believe opcode filtering can?
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
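An added sketch of the kind of runtime check that rewriting “obj[key]” into a helper call, as described in the first message, hands the decision to; it is not code from the thread or from @doodad-js/safeeval. `guardedGet`, `staticFilterAccepts`, `demo` and the denied-key list are hypothetical names and an assumed policy.

```javascript
// Added illustration. guardedGet is a hypothetical stand-in for the runtime
// helper that a rewritten obj[key] would call; it is not safeEval.get itself.

// Assumed policy: keys that lead to shared machinery instead of own data.
const DENIED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function guardedGet(obj, key) {
  if (obj === null || typeof obj !== 'object') {
    throw new TypeError('guardedGet: target must be an object');
  }
  if (typeof key === 'symbol') {
    throw new TypeError('guardedGet: symbol keys are denied');
  }
  // Coerce the key exactly once. A key object with a stateful toString()
  // could otherwise give one answer to the check and another to the lookup.
  const k = String(key);
  if (DENIED_KEYS.has(k)) {
    throw new TypeError('guardedGet: key "' + k + '" is denied');
  }
  // Own properties only, so nothing inherited is reachable.
  return Object.prototype.hasOwnProperty.call(obj, k) ? obj[k] : undefined;
}

// A static filter sees only the text of the key expression, not its value.
function staticFilterAccepts(keyExprSource) {
  return ![...DENIED_KEYS].some((name) => keyExprSource.includes(name));
}

// Constructed sample: the source text of a key expression as a filter would
// inspect it, next to the value that expression has at run time.
function demo() {
  const obj = { name: 'doodad' };
  const keyExprSource = "'con' + 'structor'";
  const keyValue = 'con' + 'structor';
  let runtimeDenied = false;
  try {
    guardedGet(obj, keyValue);
  } catch (e) {
    runtimeDenied = e instanceof TypeError;
  }
  return {
    staticAccepts: staticFilterAccepts(keyExprSource),
    runtimeDenied,
    ordinary: guardedGet(obj, 'name'),
    inherited: guardedGet(obj, 'toString'),
  };
}
```

The name-based static filter accepts the key expression because the denied name never appears in its text, while the runtime helper sees the computed value and refuses it.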

