Proposal: safeEval

doodad-js Admin doodadjs at gmail.com
Wed Jun 20 03:23:35 UTC 2018


Thanks,

There is an option to allow/disallow some aspects of the language, and you can provide the local variables you want to the expression.

Claude

From: Jordan Harband <ljharb at gmail.com> 
Sent: Tuesday, June 19, 2018 10:59 PM
To: doodad-js Admin <doodadjs at gmail.com>
Cc: es-discuss <es-discuss at mozilla.org>
Subject: Re: Proposal: safeEval

What value does this add, when you can already do `function safeEval(...args) { return Function(...args)(); }`, or similar?

On Tue, Jun 19, 2018 at 7:29 PM, doodad-js Admin <doodadjs at gmail.com> wrote:

Hi,

I take a chance to valorize “eval” again by proposing “safeEval”.

function safeEval(expression, [locals], [options]) {
    ......
};

So that you can:

safeEval("1 + a", {a: 2});    // returns “3”
safeEval("1 + a()", {a: function() {return 2}}, {allowFunctions: true});    // also returns “3”

but:

safeEval("1 + a()", {a: function() { return 2}});    // throws whatever you want because “allowFunctions” is denied

etc.

 

Note that local variables are specified in argument. Also note that “options” mainly gives/denies permissions. I’m not sure if we should be whitelisting or blacklisting features there though, or a mix of default enabled and disabled ones...

Very incomplete, but as for inspiration (and very useful to me): https://www.npmjs.com/package/@doodad-js/safeeval

Claude
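
The `safeEval(expression, locals, options)` shape proposed in this thread can be built without handing the string to `eval` or `Function`, by parsing it against an allowlist; the sketch below is an added example, not code from the thread or from the @doodad-js/safeeval package. The arithmetic-only grammar, the error types and the own-property lookup are assumptions made for illustration; `allowFunctions` is the option named in the proposal.

```javascript
// Added illustration, not the @doodad-js/safeeval implementation. Grammar and error types are assumptions.
function safeEval(expression, locals = {}, options = {}) {
  // Allowlist tokenizer: numbers, identifiers, + - * / ( ) and commas. No dots, brackets or quotes.
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_$][\w$]*)|([-+*\/(),]))/y;
  const src = String(expression).trim(), tokens = [];
  while (re.lastIndex < src.length) {
    const m = re.exec(src);
    if (!m) throw new SyntaxError("character not allowed in expression");
    tokens.push(m[1] !== undefined ? { num: Number(m[1]) } : m[2] !== undefined ? { id: m[2] } : { op: m[3] });
  }
  let pos = 0;
  const peekOp = () => (pos < tokens.length ? tokens[pos].op : undefined);
  const expectOp = (op) => { if (peekOp() !== op) throw new SyntaxError(`expected "${op}"`); pos++; };
  function lookup(name) {
    // Own properties only, so "constructor" or "toString" never resolve through the prototype chain.
    if (!Object.prototype.hasOwnProperty.call(locals, name)) throw new ReferenceError(`unknown name: ${name}`);
    return locals[name];
  }
  function factor() {
    const t = tokens[pos++];
    if (!t) throw new SyntaxError("unexpected end of expression");
    if (t.num !== undefined) return t.num;
    if (t.op === "-") return -factor();
    if (t.op === "(") { const v = expr(); expectOp(")"); return v; }
    if (t.id === undefined) throw new SyntaxError(`unexpected "${t.op}"`);
    const value = lookup(t.id);
    if (peekOp() === "(") { // call syntax: permitted only when the caller opted in
      if (!options.allowFunctions) throw new EvalError("function calls are not allowed");
      if (typeof value !== "function") throw new TypeError(`${t.id} is not a function`);
      pos++;
      const args = [];
      while (peekOp() !== ")") { args.push(expr()); if (peekOp() === ",") pos++; else break; }
      expectOp(")");
      return value(...args);
    }
    if (Object(value) === value) throw new TypeError("only primitive locals can be operands");
    return value;
  }
  // Left-associative binary operators at one precedence level, built on the next-tighter level.
  const binary = (next, ops) => () => {
    let v = next();
    for (let op; ops[(op = peekOp())]; ) { pos++; v = ops[op](v, next()); }
    return v;
  };
  const term = binary(factor, { "*": (a, b) => a * b, "/": (a, b) => a / b });
  const expr = binary(term, { "+": (a, b) => a + b, "-": (a, b) => a - b });
  const result = expr();
  if (pos !== tokens.length) throw new SyntaxError("unexpected trailing input");
  return result;
}
```

Because `.`, `[` and quotes are rejected by the tokenizer and names resolve only to own properties of `locals`, an expression cannot reach `constructor` or any global object through this evaluator.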

 

 



 


