FW: Proposal: safeEval
doodad-js Admin
doodadjs at gmail.com
Fri Jun 22 20:56:50 UTC 2018
Thanks,
If you blacklist.
Blacklisting or whitelisting, that’s an open discussion.
Yet you're providing a library that does just that
Because that’s a “user land” library and currently the only way is with “AST filtering”, apart from compiling a complete runtime, with Emscripten or else.
Claude
From: Mike Samuel <mikesamuel at gmail.com>
Sent: Friday, June 22, 2018 4:46 PM
To: doodad-js Admin <doodadjs at gmail.com>
Cc: Isiah Meadows <isiahmeadows at gmail.com>; es-discuss <es-discuss at mozilla.org>
Subject: Re: FW: Proposal: safeEval
On Fri, Jun 22, 2018, 4:21 PM doodad-js Admin <doodadjs at gmail.com <mailto:doodadjs at gmail.com> > wrote:
you've provided no reason to believe that opcode filtering would provide a better balance between security and ease of writing than AST filtering
AST filtering is fragile because every change on the language can break it.
If you blacklist.
Yet you're providing a library that does just that and have still provided no reason to believe that an opcode filtering proposal would be both more secure and less brittle.
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com
---
This email has been checked for viruses by AVG.
https://www.avg.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20180622/67ba75a1/attachment.html>
More information about the es-discuss
mailing list