liyad's Issues

Fitness for untrusted contents?

Hi! This looks like a really awesome library, and I'm hoping I can try it out. I was especially interested in the claim in the readme:

Secure execution for untrusted contents
No host environment's symbols are accessible from evaluated user contents by default.
Malicious codes can not make a serious attack

However, using the example from https://github.com/shellyln/liyad#build-your-new-dsl, and even after removing all presets other than defaultConfig and installCore(), I can still access a lot:

const {
  SExpression,
  defaultConfig,
  installCore,
} = require('liyad')

// Minimal configuration: core only, no other presets installed.
let config = Object.assign({}, defaultConfig)
config = installCore(config)
let parse = SExpression(config)
let obj = {} // host-side object that is never handed to the sandbox

// Walk match -> constructor (Object) -> prototype and write to Object.prototype.
let fn1 = parse(`( -> (match)
  (::match:constructor:prototype:foo= 1)
)`)
fn1({})
console.log(obj.foo) //1  (the write landed on the host's Object.prototype)

// Same reach via Object.assign, invoked as a method of the constructor.
let fn2 = parse(`( -> (match)
  (::match:constructor@assign ::match:constructor:prototype (# ("bar" 2)) )
)`)
fn2({})
console.log(obj.bar) //2

Is there another way you would recommend using this to accept user-defined functions/predicates to apply to some data? Perhaps overriding the $get/$call functions to only access/call object properties that are "own properties" of the object in question?
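The accessor restriction the issue proposes, written out as a stand-alone example (this is added illustration, not liyad's code, and it does not use liyad's real $get/$call hook API, which is not shown on this page). The `safeGet`, `safeSet`, `safeCall` and `resolvePath` names, the deny-list, and the sample `match` object are all assumptions of the example. It replays both escape attempts from the report against a plain data object and checks that the host's Object.prototype stays clean:

```javascript
'use strict';

// Property names that lead from any sandboxed value back to host
// intrinsics (Object.prototype, Function, and through Function the
// eval-capable Function constructor). This deny-list is the example's
// own choice, not something liyad defines.
const DENIED_KEYS = new Set([
  'constructor', 'prototype', '__proto__',
  '__defineGetter__', '__defineSetter__',
  '__lookupGetter__', '__lookupSetter__',
]);

// Captured once, so a later prototype-pollution attempt cannot replace it.
const hasOwn = Object.prototype.hasOwnProperty;

function isObjectLike(v) {
  return v !== null && (typeof v === 'object' || typeof v === 'function');
}

function assertSafeKey(key) {
  if (typeof key !== 'string' || DENIED_KEYS.has(key)) {
    throw new Error(`property '${String(key)}' is not accessible from sandboxed code`);
  }
}

// Read `key` from `target` only when it is an own property. Inherited
// members (Object.prototype.toString, class prototypes, ...) are invisible.
function safeGet(target, key) {
  assertSafeKey(key);
  if (!isObjectLike(target) || !hasOwn.call(target, key)) return undefined;
  return target[key];
}

// Write `key` on `target`. Only non-function objects may be written to,
// so sandboxed code cannot decorate a host function or a prototype it
// reached through one.
function safeSet(target, key, value) {
  assertSafeKey(key);
  if (!isObjectLike(target) || typeof target === 'function') {
    throw new Error('assignment target must be a plain object');
  }
  Object.defineProperty(target, key, {
    value, writable: true, enumerable: true, configurable: true,
  });
  return value;
}

// Call method `key` on `target`. The method must be an own property; since
// 'constructor' is denied, Object.assign and Function are unreachable.
function safeCall(target, key, ...args) {
  const fn = safeGet(target, key);
  if (typeof fn !== 'function') {
    throw new Error(`'${key}' is not a callable own property`);
  }
  return fn.apply(target, args);
}

// Resolve a colon-separated path such as "match:constructor:prototype",
// mirroring the issue's ::a:b:c accessor syntax, one safeGet per segment.
function resolvePath(root, path) {
  return path.split(':').reduce((cur, seg) => safeGet(cur, seg), root);
}

// Replays the two escape attempts from the report plus ordinary reads
// against a constructed sample object and reports each outcome.
function demo() {
  const match = { name: 'alice', tags: ['x', 'y'], greet() { return 'hi ' + this.name; } };
  const outcome = {};

  outcome.ownRead = resolvePath(match, 'name');           // 'alice'
  outcome.nestedRead = resolvePath(match, 'tags:1');      // 'y'
  outcome.inheritedRead = resolvePath(match, 'toString'); // undefined
  outcome.ownCall = safeCall(match, 'greet');             // 'hi alice'

  // Escape 1: (::match:constructor:prototype:foo= 1)
  try {
    safeSet(resolvePath(match, 'constructor:prototype'), 'foo', 1);
    outcome.escape1 = 'allowed';
  } catch (e) {
    outcome.escape1 = 'blocked';
  }

  // Escape 2: (::match:constructor@assign ::match:constructor:prototype (# ("bar" 2)))
  try {
    safeCall(resolvePath(match, 'constructor'), 'assign',
             resolvePath(match, 'constructor:prototype'), { bar: 2 });
    outcome.escape2 = 'allowed';
  } catch (e) {
    outcome.escape2 = 'blocked';
  }

  // The host's Object.prototype must be untouched afterwards.
  outcome.hostClean = ({}).foo === undefined && ({}).bar === undefined;
  return outcome;
}
```

The own-property check is the primary control: it removes the whole inherited chain from view, so the deny-list is only a second line for keys like `__proto__` that are reachable without being own properties of the data. The remaining residual risk is any host function placed directly on the data object, which still runs with full host authority when called through `safeCall`; expose plain data, or only frozen, allow-listed helpers.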
