Proposal: safeEval

doodad-js Admin doodadjs at
Wed Jun 20 02:29:24 UTC 2018



I take a chance to valorize "eval" again by proposing "safeEval".


function safeEval(expression, [locals], [options]) {




So that you can:


safeEval("1 + a", {a: 2});    // returns "3"

safeEval("1 + a()", {a: function() {return 2}}, {allowFunctions: true});
// also returns "3"




safeEval("1 + a()", {a: function() { return 2}});    // throws whatever you
want because "allowFunctions" is denied




Note that local variables are specified in argument. Also note that
"options" mainly gives/denies permissions. I'm not sure if we should be
whitelisting or blacklisting features there though, or a mix of default
enabled and disabled ones...


Very incomplete, but as for inspiration (and very useful to me):





This email has been checked for viruses by AVG.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list