FW: Proposal: safeEval
doodad-js Admin
doodadjs at gmail.com
Fri Jun 22 21:30:24 UTC 2018
“Blacklisting or whitelisting, that’s an open discussion”: It really isn't.
So for you, blacklisting or whitelisting is not open to discussion?
No it isn't. As I mentioned earlier, a combination of source code rewriting, out-of-language isolation, and special-purpose libraries has a better track record than AST filtering for general-purpose programming languages.
So, you don’t want JS code interpretation inside “user reports formulas”, “template engines”, “compiler tools”, ...?
Claude
From: Mike Samuel <mikesamuel at gmail.com>
Sent: Friday, June 22, 2018 5:06 PM
To: doodad-js Admin <doodadjs at gmail.com>
Cc: Isiah Meadows <isiahmeadows at gmail.com>; es-discuss <es-discuss at mozilla.org>
Subject: Re: FW: Proposal: safeEval
On Fri, Jun 22, 2018, 4:56 PM doodad-js Admin <doodadjs at gmail.com> wrote:
Thanks,
If you blacklist.
Blacklisting or whitelisting, that’s an open discussion.
It really isn't.
Yet you're providing a library that does just that
Because that’s a “user land” library and currently the only way is with “AST filtering”, apart from compiling a complete runtime, with Emscripten or else.
No it isn't. As I mentioned earlier, a combination of source code rewriting, out-of-language isolation, and special-purpose libraries has a better track record than AST filtering for general-purpose programming languages.
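Added example, not part of the thread or of either participant's code: a sketch of the "special purpose library" option for the "user reports formulas" case raised above, where input is parsed against a small arithmetic grammar and evaluated directly, with no call to `eval` or `Function`. The names `evalFormula`, `tokenize`, `FUNCS` and `TOKEN` are hypothetical, and the grammar (numbers, `+ - * /`, parentheses, named variables, three allowlisted functions) is an assumption chosen for illustration.

```javascript
// Hypothetical helper names; the only callable functions are the ones listed here.
const FUNCS = new Map([['min', Math.min], ['max', Math.max], ['round', Math.round]]);
const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*\/(),]))/y;

function tokenize(src) {
  const text = src.trimEnd(), out = [];
  for (let pos = 0; pos < text.length; pos = TOKEN.lastIndex) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(text);   // anything outside the grammar ('.', '[', quotes) fails here
    if (!m) throw new SyntaxError(`unexpected input at offset ${pos}`);
    out.push(m[1] ? { t: 'num', v: Number(m[1]) } : m[2] ? { t: 'id', v: m[2] } : { t: m[3] });
  }
  return out;
}

function evalFormula(src, vars = new Map()) {
  const toks = tokenize(src);
  let i = 0;
  const peek = () => (i < toks.length ? toks[i].t : 'end');
  const take = (t) => {
    if (peek() !== t) throw new SyntaxError(`expected ${t}, got ${peek()}`);
    return toks[i++];
  };
  const expr = () => {                       // expr := term (('+'|'-') term)*
    let v = term();
    while (peek() === '+' || peek() === '-') v = take(peek()).t === '+' ? v + term() : v - term();
    return v;
  };
  const term = () => {                       // term := unary (('*'|'/') unary)*
    let v = unary();
    while (peek() === '*' || peek() === '/') v = take(peek()).t === '*' ? v * unary() : v / unary();
    return v;
  };
  const unary = () => (peek() === '-' ? (take('-'), -unary()) : atom());
  const atom = () => {
    if (peek() === 'num') return take('num').v;
    if (peek() === '(') { take('('); const v = expr(); take(')'); return v; }
    const name = take('id').v;
    // Names resolve only through the caller's Map or FUNCS, never through object properties.
    if (peek() !== '(' && !vars.has(name)) throw new ReferenceError(`unknown variable ${name}`);
    if (peek() !== '(') return vars.get(name);
    if (!FUNCS.has(name)) throw new ReferenceError(`unknown function ${name}`);
    const args = [];
    do { take(peek() === ',' ? ',' : '('); args.push(expr()); } while (peek() === ',');
    take(')');
    return FUNCS.get(name)(...args);
  };
  const result = expr();
  take('end');                               // reject trailing tokens
  return result;
}
```

For instance, `evalFormula('max(price, 10) * qty', new Map([['price', 2.5], ['qty', 4]]))` returns `40`, while `a.b`, `constructor` and `eval(1)` are rejected because nothing in the grammar maps to property access or to a function outside `FUNCS`.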