Open inian opened 8 years ago
steffengy
commented
8 years ago I would generally not recommend using the js implementation used here on nodejs without sandboxing, since that might lead to the execution of dangerous code.
For server-side, you could for example use something based on the python parser, like (my) https://gist.github.com/steffengy/d0cb0afc7378f19848f6 should work.
bitwiseman
commented
8 years ago I think we've mostly removed the functionality for eval_code. The unpackers are not well supported. If you want to dig into making them better, you are welcome.
I think the generic eval unpacker was specifically removed as unsafe:.
https://github.com/beautify-web/js-beautify/blob/master/CONTRIBUTING.md#generic-eval-unpacker
@steffengy - Yes, the unpackers are definitely not safe. See #662. If you want to contribute replacement(s) that are safe, I'd be happy to see this fixed.
steffengy
commented
8 years ago @bitwiseman I just ended up using my gist mentioned above, which is a port of the python version which is safe and worked in all of my cases.
bitwiseman
commented
8 years ago Interesting. I'll take a look at when I have some time.
How do I unpack a script file which was packed using Dean Edwards packer using the js-beautify node module? Beautifying the code using the eval_code option set to true does not seem to unpack it. Is there some other option that needs to be set?
Thanks!