Streeterxs / playgroundjs

0 stars 0 forks source link

find a more secure way of execute javascript code #7

Open digzom opened 5 months ago

digzom commented 5 months ago

Doing just an eval(code) is kinda insecure because we allow the user to execute any abitrary code, inclusively accessing or changing things in runtime. So we might search for a better way to do this in the post POC version

Streeterxs commented 5 months ago

we could encapsulate this functionality into a function so when we decide to change we will need to change the code inside only one block like:

const runCode = (code) => {
    eval(code)
}

to

const runCode = (code) => {
    newSecureEval(code)
}