Proposal: safeEval

doodad-js Admin doodadjs at gmail.com
Sat Jun 30 21:20:04 UTC 2018 

But I doubt it can be full proof without runtime’s help.

 

I found a way: AST filtering with rewriting. So that “obj[key]” will get rewritten to “safeEval.get(obj, key)”. That is now part of my TODO list for “@doodad-js/safeeval”. For the moment, I block the dynamic property accessor operator (“obj[key]”), and the rewriting must be manual.

 

Claude

 

 

From: doodad-js Admin <doodadjs at gmail.com> 
Sent: Friday, June 22, 2018 7:29 PM
To: mikesamuel at gmail.com
Cc: 'Isiah Meadows' <isiahmeadows at gmail.com>; 'es-discuss' <es-discuss at mozilla.org>
Subject: RE: FW: Proposal: safeEval

 

For the last time, why do you believe opcode filtering can?

 

Because, at my knowledge, AST filtering is more subject to break than “opcode” filtering. If that’s not the case, please help me to provide a better “safeEval” by reporting issues of my library directly to me. But I doubt it can be full proof without runtime’s help.

 

Claude

 

 

From: Mike Samuel <mikesamuel at gmail.com <mailto:mikesamuel at gmail.com> > 
Sent: Friday, June 22, 2018 6:53 PM
To: doodad-js Admin <doodadjs at gmail.com <mailto:doodadjs at gmail.com> >
Cc: Isiah Meadows <isiahmeadows at gmail.com <mailto:isiahmeadows at gmail.com> >; es-discuss <es-discuss at mozilla.org <mailto:es-discuss at mozilla.org> >
Subject: Re: FW: Proposal: safeEval

 

 

On Fri, Jun 22, 2018, 6:51 PM doodad-js Admin <doodadjs at gmail.com <mailto:doodadjs at gmail.com> > wrote:

This is silly.  I can want these without wanting them built using substandard tools.

 

That’s the point why I bring it to ES. Nothing on the “user land” can provide something reliable, apart a complete JS runtime library compiled to “WASM” or “asm.js”. And... that’s silly.

 

For the last time, why do you believe opcode filtering can?

 

 


 <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 

Virus-free.  <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com 

 



---
This email has been checked for viruses by AVG.
https://www.avg.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20180630/654c0ac0/attachment.html>

More information about the es-discuss mailing list