appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0

[Task]: consider blacklisting eval #12194

Open eco-monk opened 2 years ago

eco-monk commented 2 years ago

SubTasks

We currently allow eval to be used anywhere in the application (property pane, JS editor etc...).

Although it has its niche use-cases, as discussed here.

Should we blacklist eval? https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval If so, we need to address at least the use-case mentioned above.

eco-monk commented 2 years ago

Things to explore: Does Function() serve as a reasonable alternative?
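An added example, not Appsmith's code, showing the two points the thread raises side by side: a lint-style blocklist scan over a user-authored snippet (the kind of check that could run when a property-pane or JS-editor expression is saved), and a demonstration that `Function()` compiles and runs an arbitrary string just as `eval` does, so it does not remove the capability the blacklist is meant to take away. The identifier set and the scanner's string/comment stripping are assumptions made for this illustration; Appsmith's real evaluator parses expressions differently.

```javascript
// Added example (not from the Appsmith code base).
// A minimal blocklist scan for user-authored JS, plus a check that
// Function() offers the same "string to code" capability as eval.

// Identifiers we would refuse to evaluate. Both compile a runtime string
// into executable code; Function() additionally runs in global scope.
const BLOCKED_IDENTIFIERS = new Set(["eval", "Function"]);

// Crude pre-pass: blank out comments and string literals so that the word
// "eval" inside a string or comment does not produce a false positive.
// Order matters: comments first, then strings (assumes no nested templates).
function stripLiteralsAndComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, " ")      // block comments
    .replace(/\/\/[^\n]*/g, " ")            // line comments
    .replace(/"(?:\\.|[^"\\])*"/g, '""')    // double-quoted strings
    .replace(/'(?:\\.|[^'\\])*'/g, "''")    // single-quoted strings
    .replace(/`(?:\\.|[^`\\])*`/g, "``");   // template literals
}

// Returns the sorted list of blocked identifiers that appear as whole
// words in the snippet, or an empty array if the snippet is clean.
function findBlockedIdentifiers(src) {
  const cleaned = stripLiteralsAndComments(src);
  const found = new Set();
  for (const m of cleaned.matchAll(/\b([A-Za-z_$][\w$]*)\b/g)) {
    if (BLOCKED_IDENTIFIERS.has(m[1])) found.add(m[1]);
  }
  return [...found].sort();
}

// Shows why Function() is not a safer substitute: it turns a string into a
// callable just like eval would. Returns 42.
function functionConstructorRunsCode() {
  const multiply = new Function("a", "b", "return a * b;");
  return multiply(6, 7);
}

// Constructed sample inputs for a quick self-check when run directly.
const samples = [
  "const total = eval('1 + 1');",          // uses eval -> flagged
  "const label = 'eval'; // eval in text", // only in string/comment -> clean
  "new Function('return 1')()",            // uses Function -> flagged
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", findBlockedIdentifiers(s));
}
console.log("Function() result:", functionConstructorRunsCode());
```

A textual scan like this is editor-side lint, not a security boundary: it can only report direct references by name, so it is useful for steering authors toward the supported use-case and away from `eval`, but any real restriction has to live in the evaluator's own scope setup rather than in string matching.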