Open imolorhe opened 2 years ago
I think it's possible if we complement all global objects with our own to prevent prototype pollution. However, I've found SES, which may be a better choice.
I've looked into SES, but it requires unsafe-eval to work, unfortunately.
SES complemented by Proxy + Object.freeze. I think we can also use these APIs to complement a sandbox by our own.
I'm trying to understand how sval works and particularly the sandbox. Is it possible to evaluate the code without allowing access to the global scope object, when running untrusted code?