search

TomFrost / Jexl

Javascript Expression Language: Powerful context-based expression parser and evaluator
MIT License
563 stars 92 forks source link

Security? does it use actual JS eval function? #120

Open hassan-jahan opened 2 years ago

hassan-jahan commented 2 years ago

Hi,

Thank you for your great work,

One question does it use actual js eval or Function or have access to global JavaScript objects. Is it safe to use this for user inputs?

abierbaum commented 2 years ago

See: https://github.com/TomFrost/Jexl/issues/81

From my understanding it does not.