Safer condition calculation

[rguliev]

Using eval() may be not safe. It would be better to avoid it or make safer.

[renvrant]

To get rid of eval, you would have to revert to a structure where conditions and operators are provided separately.

One option for preserving a compact API but ensuring safety might be asking users to provide a JSON object for complex comparisons, with separate keys for values, operators, and whatever else is required. JSON can be safely parsed using native browser APIs and is probably the best option for transforming to and from strings.

[rguliev]

Thanks for the suggestion. Yeah, that will lead to reverting to the original structure of conditionize.js where fields, values and operators are separate. Which would look overcomplicated for conditions like A && B || C. It also will require more parameters for multi-value fields. I think that in the first place it should be better investigated, what are risks of using eval. Because, at first glance, it looks just like running code in the console.

[rguliev]

I noticed that some JS frameworks like vue have inline conditions too (see v-if or v-show). So, I think this issue is not a big deal. At least for now.