Hey, There are in deed a few spots where eval is used. But its not that easy that every eval could be replaced. We sometimes use the eval statement to make sure we execute code in the right context during tests e.g. So there is more to eval than just executing code. So removing all of them is currently not possible (e.g. whole property system based on them) so it does not make much sense to remove some of them. Regards, Martin
Am 10.12.2012 um 17:50 schrieb Greg Hellings <[email protected]>: > I'd like to echo this desire to remove such dynamic code from the > library if possible. Chrome extensions are becoming more and more > strict and they now require special permissions to execute either > 'eval' or 'new Function' calls. Hopefully they keep this as a > possibility, but there's no guarantee of that. Excising such code, if > possible, from the framework is probably good both for security > reasons and maybe even performance in some contexts. > > --Greg > > On Mon, Dec 10, 2012 at 10:39 AM, fprijate <[email protected]> wrote: >> Hi >> >> I just studied HTML5 CSP content security policy >> <http://www.html5rocks.com/en/tutorials/security/content-security-policy/> >> where inline code and eval is considered harmful. >> It's allso "Bad part " by Douglas crockford >> <http://javascript.crockford.com/> >> So I just scaned a repo for eval. >> There are some parts where eval is obviously needed (in playground ....). >> But there are also some evals that can be safely replaced by direct code. >> Like eval('some_expression') with some_expression. >> >> regards >> FranĨek >> >> >> >> >> >> -- >> View this message in context: >> http://qooxdoo.678.n2.nabble.com/Use-of-eval-in-framework-tp7582238p7582249.html >> Sent from the qooxdoo mailing list archive at Nabble.com. >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> qooxdoo-devel mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > qooxdoo-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ qooxdoo-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
