Proposal: safeEval
doodad-js Admin
doodadjs at gmail.com
Wed Jun 20 02:29:24 UTC 2018
Hi,
I take a chance to valorize "eval" again by proposing "safeEval".
function safeEval(expression, [locals], [options]) {
......
};
So that you can:
safeEval("1 + a", {a: 2}); // returns "3"
safeEval("1 + a()", {a: function() {return 2}}, {allowFunctions: true});
// also returns "3"
but:
safeEval("1 + a()", {a: function() { return 2}}); // throws whatever you
want because "allowFunctions" is denied
etc.
Note that local variables are specified in argument. Also note that
"options" mainly gives/denies permissions. I'm not sure if we should be
whitelisting or blacklisting features there though, or a mix of default
enabled and disabled ones...
Very incomplete, but as for inspiration (and very useful to me):
https://www.npmjs.com/package/@doodad-js/safeeval
Claude
---
This email has been checked for viruses by AVG.
https://www.avg.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20180619/90dcd397/attachment-0001.html>
More information about the es-discuss
mailing list