FW: Proposal: safeEval

Mike Samuel mikesamuel at gmail.com
Fri Jun 22 21:06:15 UTC 2018


On Fri, Jun 22, 2018, 4:56 PM doodad-js Admin <doodadjs at gmail.com> wrote:

> Thanks,
>
>
>
> *If you blacklist.*
>
>
>
> Blacklisting or whitelisting, that’s an open discussion.
>
It really isn't.

*Yet you're providing a library that does just that*
>
>
>
> Because that’s a “user land” library and currently the only way is with
> “AST filtering”, apart from compiling a complete runtime, with Emscripten
> or else.
>
No it isn't.  As I mentioned earlier, a combination of source code
rewriting, out of language isolation, and special purpose libraries have a
better track record than AST filtering for general purpose programming
languages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20180622/a579fd47/attachment.html>


More information about the es-discuss mailing list