Disable the creation of dynamic function in current realm
I am seeking of a mechanism that could make eval and new Function or new o.constructor.constructor disabled, and return undefined or throw an exception. Any exisiting proposal can make it happen? Read...
View ArticleDisable the creation of dynamic function in current realm
If you're interested in doing this in first-party code, you can do this with eslint. If in browsers, look into CSP ( https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ). Read full topic
View ArticleDisable the creation of dynamic function in current realm
Realms https://github.com/tc39/proposal-realms shim https://github.com/Agoric/realms-shim SES https://github.com/tc39/proposal-ses but stale proposal text shim https://github.com/Agoric/SES dependent...
View ArticleDisable the creation of dynamic function in current realm
Thanks to all you folks. I will look into it. But now we just disable them for good. eval is really evil. Our scenario just like node, not web. But we use some of the cross site security like web's...
View Article