Re: [ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-25 Thread Yehonathan Sharvit
By the way, the klipse plugin does something similar. You might want to take a look at https://github.com/viebel/klipse On Mon, Sep 26, 2016, 00:44 mars0i wrote: > On Sunday, September 25, 2016 at 3:10:29 PM UTC-5, Yehonathan Sharvit > wrote: > > There might me security

Re: [ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-25 Thread mars0i
On Sunday, September 25, 2016 at 3:10:29 PM UTC-5, Yehonathan Sharvit wrote: > There might me security issues if the website allows users to modify the > contents of the page - like Wikipedia or clojuredocs.org. > > A malicious user might write cljs code that will do malicious actions that >

Re: [ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-25 Thread Yehonathan Sharvit
There might me security issues if the website allows users to modify the contents of the page - like Wikipedia or clojuredocs.org. A malicious user might write cljs code that will do malicious actions that run on the browser of all your visitors On Sunday, 25 September 2016 19:47:03 UTC+3,

Re: [ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-25 Thread mars0i
On Sunday, September 25, 2016 at 12:32:36 AM UTC-5, Brandon Adams wrote: > The users already have a javascript repl with the same abilities and > permissions as the cljs repl you give them. Oh! Good point. Got it. Thanks. -- Note that posts from new members are moderated - please be patient

Re: [ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-24 Thread Brandon Adams
The users already have a javascript repl with the same abilities and permissions as the cljs repl you give them. On Sun, Sep 25, 2016 at 12:05 AM, mars0i wrote: > A good rule of thumb: One should worry that giving end-users access to a > full-fledged eval function can be

[ClojureScript] Why isn't giving end-users a repl dangerous?

2016-09-24 Thread mars0i
A good rule of thumb: One should worry that giving end-users access to a full-fledged eval function can be dangerous, because users can then do anything that the language can do, and cause damage to their own system or to others'. There are numerous Clojurescript repls embedded in public web