Proposal: safeEval

doodad-js Admin doodadjs at
Wed Jun 20 03:23:35 UTC 2018



There is an option to allow/disallow some aspects of the language, and you can provide the local variables you want to the expression.





From: Jordan Harband <ljharb at> 
Sent: Tuesday, June 19, 2018 10:59 PM
To: doodad-js Admin <doodadjs at>
Cc: es-discuss <es-discuss at>
Subject: Re: Proposal: safeEval


What value does this add, when you can already do `function safeEval(...args) { return Function(...args)(); }`, or similar?


On Tue, Jun 19, 2018 at 7:29 PM, doodad-js Admin <doodadjs at <mailto:doodadjs at> > wrote:



I take a chance to valorize “eval” again by proposing “safeEval”.


function safeEval(expression, [locals], [options]) {




So that you can:


safeEval(“1 + a”, {a: 2});    // returns “3”

safeEval(“1 + a()”, {a: function() {return 2}}, {allowFunctions: true});    // also returns “3”




safeEval(“1 + a()”, {a: function() { return 2}});    // throws whatever you want because “allowFunctions” is denied




Note that local variables are specified in argument. Also note that “options” mainly gives/denies permissions. I’m not sure if we should be whitelisting or blacklisting features there though, or a mix of default enabled and disabled ones...


Very incomplete, but as for inspiration (and very useful to me):







Virus-free.  <> 

es-discuss mailing list
es-discuss at <mailto:es-discuss at>


This email has been checked for viruses by AVG.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list