> You could even use filter(function(f){f.name==‘abc’;}).length > 0
not really, that's a long way to find what you are looking for, `some`
stops ASAP instead.
> The focus of this proposal is that the purpose of .valueOf and .toString
I think those have valid use cases and changing a method
From: Claude Petit
Sent: Wednesday, June 20, 2018 2:23 PM
To: 'mikesam...@gmail.com'
Cc: 'es-discuss'
Subject: RE: Proposal: safeEval
Thanks,
How would this compare to https://github.com/tc39/proposal-frozen-realms ?
I was not aware of that proposal or didn’t pay attention.I think
It looks like you want included to use `==` for comparison, opening a whole
new world of issues.
You have `some` and your code to do that with ease, same goes for `find` or
`findIndex`, very appropriate for this use case.
```js
items.some(o => o == 'abc');
```
Regards
On Wed, Jun 20, 2018 at
On Wed, Jun 20, 2018 at 2:26 PM doodad-js Admin wrote:
>
>
> I was not aware of that proposal or didn’t pay attention.I think
> “safeEval” provides ACLs, while your proposal don’t.
>
Neither the realms proposal nor the frozen realms proposal include ACLs.
Where are the ACLs in safeeval?
I see
True, there are many other ways to make this work. You could even use
filter(function(f){f.name==‘abc’;}).length > 0 .
The focus of this proposal is that the purpose of .valueOf and .toString are to
allow for objects to return a default value without requiring the matching
method to know about
If you want to check properties or methods of an array of objects, you can
use `Array.prototype.some`.
On Wed, Jun 20, 2018, 12:27 Mike Simon wrote:
> [Proposal] Array.prototype.includes should evaluate object.toString
> and/or object.valueOf when determining a match
>
> The problem:
>
> If I
Darien others replied about CSP but also `script-src data: unsafe-inline`
would work as well. There is no evaluation, or at least, nothing different
from loading static content there (OK, the dynamic import could be a
different story, yet if pre-processed I don't see it as useful, but surely
one
How can we discuss your idea separately from the library?
You talk about options and ACLs but the only hint as to what those might
mean is the library.
How would the idea work if not by tree filtering? AdSAFE did that but
writing AdSAFE was very different from writing vanilla JS.
On Wed, Jun
I did get a bit out of hand with a few parts. I wanted to clarify that
the idea itself is IMHO a really bad idea. To emphasize a part:
> That utility is trivially broken in multiple ways (won't announce them
> on-list, but I've emailed Claude privately), and I'm pretty convinced the
> idea
Thanks
How can we discuss your idea separately from the library?
I’m more thinking at the runtime level than at the “user land”. To be honest, I
don’t care of “safeEval” on “user land”.
You talk about options and ACLs but the only hint as to what those might mean
is the library
How
Just a quick read, but that's a *terrible* set of ACLs, and I strongly
dislike the idea in general. That utility is trivially broken in
multiple ways (won't announce them on-list, but I've emailed Claude
privately), and I'm pretty convinced the idea itself is broken.
Limiting syntax is incredibly
I don't want to propose you my library, I want to propose you the idea.
-Original Message-
From: impinb...@gmail.com On Behalf Of Isiah Meadows
Sent: Wednesday, June 20, 2018 7:57 PM
To: Mike Samuel
Cc: doodad-js Admin ; es-discuss
Subject: Re: FW: Proposal: safeEval
Just a quick
[Proposal] Array.prototype.includes should evaluate object.toString and/or
object.valueOf when determining a match
The problem:
If I have a list of objects that contain a toString() prototype that returns a
value from the object, Array.prototype.includes does not return true if the
How would this compare to https://github.com/tc39/proposal-frozen-realms ?
I'm not sure how to run @doodad-js/safeeval in node since require doesn't
provide obvious access to safeeval, but the code seems to do AST filtering.
What does it do for inputs like
safeEval('
On Tue, Jun 19, 2018 at 9:50 PM Darien Valentine
wrote:
> Aha! Thanks. I think I get what you mean now.
>
> Let’s say I have this CSP:
>
> ```
> content-security-policy: script-src 'nonce-foo'
> ```
>
> And I have this in my document:
>
> ```
>
> import
They would act akin to hoisted functions declarations in that regard, For
example
```
import {getPersonType} from School
if (Math.random() < 0.5) {
module School {
export function getPersonType() {}
}
}
```
Largely yes, the utility is in providing bundlers and authors with a
On Wed, Jun 20, 2018 at 10:44 AM Sultan wrote:
>
> Additionally there are aspects that bundlers have a hard time replicating
> when using ES modules as an authoring format. Consider the following
> example, where ES modules might maintain a "live" binding.
>
> ```
> // a.js
> import {b} from
17 matches
Mail list logo
