Closed faramos closed 2 years ago
Hello @faramos ,
Thank you a lot for your good word. I still remember all months of efforts I did to create this library ;)
Using UnregisterAll
doesn't prevent people from using them. They just don't have any more access anymore to some "shortcut" to members registered by default.
If you want your user to only be able to access what you have registered, you need to use: evalContext.SafeMode = true;
So this code will now return an error as you never authorized it:
var evalContext = new EvalContext();
evalContext.UnregisterAll();
evalContext.SafeMode = true;
//evalContext.RegisterDefaultAliasSafe();
var resultFloat = evalContext.Execute<object>("System.IO.Directory.GetCurrentDirectory()");
Console.WriteLine(resultFloat);
We will never be able to guarantee that the SafeMode
is 100% secure but so far, no one provided us a code that break it.
The RegisterDefaultAliasSafe
allow you to register some class that we consider safe such as Array
, Enum
, int
Let me know if you need more information.
Best Regards,
Jon
First of all, congratulations on this impressive library. I don't know if I'm getting the purpose of UnregisterAll right, but is it the expected behavior?
Running this snippet in dotnetfiddle will ouput "/app" to the console.