johan-gorter / sandboxed-javascript-expressions

Allows evaluating untrusted JavaScript expressions in a Node.js server and in browsers
MIT License

How is this safe / sandboxed? #9

Open marke-apexit opened 1 year ago

marke-apexit commented 1 year ago

If this uses native eval, how is it sandboxed? Does it prevent calling JavaScript functions that might not be safe?

johan-gorter commented 1 year ago

The strings in the provided expression are escaped before being evaled. This way only functions you provide can be called.
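
One way the approach described in the reply above can be made concrete, as an added example that is not part of the thread and not this library's code: every token of the untrusted expression is checked, string literals are re-escaped, and identifiers are rewritten to lookups on a prototype-less object holding only what the caller provides. The names `TOKEN`, `compile` and `evaluate` and the small grammar are assumptions made for this illustration.

```javascript
// Added illustration, not the library's implementation. Accepted tokens:
// numbers, quoted strings without backslashes, identifiers, a few operators.
// Property access (. and [), backticks, =, ;, { and / never match and are rejected.
const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|("[^"\\\n]*"|'[^'\\\n]*')|([A-Za-z_$][\w$]*)|(===|!==|<=|>=|&&|\|\||[-+*%<>!(),?:]))/y;

function compile(expression, allowed) {
  // Null prototype: inherited names such as "constructor" do not resolve.
  const scope = Object.assign(Object.create(null), allowed);
  const parts = [];
  let pos = 0;
  while (pos < expression.length) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(expression);
    if (!m) {
      if (expression.slice(pos).trim() === "") break; // trailing whitespace only
      throw new SyntaxError(`rejected input at offset ${pos}`);
    }
    pos = TOKEN.lastIndex;
    const [, num, str, ident, op] = m;
    if (ident !== undefined) {
      // Keywords (this, new, function) and globals (process) fail here too.
      if (!(ident in scope)) throw new ReferenceError(`"${ident}" is not provided`);
      parts.push(`scope[${JSON.stringify(ident)}]`);
    } else if (str !== undefined) {
      // Re-emit the literal's content as a freshly escaped string.
      parts.push(JSON.stringify(str.slice(1, -1)));
    } else {
      parts.push(num !== undefined ? num : op);
    }
  }
  // Tokens are joined with spaces so they cannot merge into ++, -- or <!--.
  const body = `"use strict"; return (${parts.join(" ")});`;
  return () => new Function("scope", body)(scope);
}

function evaluate(expression, allowed) {
  return compile(expression, allowed)();
}
```

Whatever functions the caller places in `allowed` run with full privileges, so the allowlist itself is the trust boundary.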