But I doubt it can be foolproof without runtime’s help.
I found a way: AST filtering with rewriting. So that “obj[key]” will get
rewritten to “safeEval.get(obj, key)”. That is now part of my TODO list for
“@doodad-js/safeeval”. For the moment, I block the dynamic property accessor
operator
How would this compare to https://github.com/tc39/proposal-frozen-realms ?
I'm not sure how to run @doodad-js/safeeval in node since require doesn't
provide obvious access to safeeval, but the code seems to do AST filtering.
What does it do for inputs like
safeEval('
Thanks,
There is an option to allow/disallow some aspects of the language, and you can
provide the local variables you want to the expression.
Claude
From: Jordan Harband
Sent: Tuesday, June 19, 2018 10:59 PM
To: doodad-js Admin
Cc: es-discuss
Subject: Re: Proposal: safeEval
What value does this add, when you can already do `function
safeEval(...args) { return Function(...args)(); }`, or similar?
On Tue, Jun 19, 2018 at 7:29 PM, doodad-js Admin wrote:
> Hi,
>
> I take a chance to valorize “eval” again by proposing “safeEval”.
>
> function