Comments (2)
This is a misunderstanding. Note that the help/documentation of the option says
--js.allow-eval=true|false Allow or disallow code generation from strings, e.g. using eval().
Your example invokes eval() with a number argument. When eval() is invoked with non-string argument then this argument becomes the return value (and no "code generation from string" occurs). Try eval("600+16") instead of eval(600+16) to see the difference.
from graaljs.
Wow, I can't believe I missed that. I totally get what the doc says now, thank you! I don't know if it'd be worth adding examples to the doc to avoid this kind of misunderstanding, although I think my ESL is what's mostly to blame.
For all intents and purposes, if eval cannot evaluate strings, that should be enough to satisfy my "disallow using eval" requirement, as I can't come up with a scenario where evaluating non-string arguments with eval might result in a security concern. As usual, though, there might be.
Anyways, thank you again, I appreciate the clarification :)
from graaljs.
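An added example, not part of the thread or of the GraalJS project: a probe that reports, for whatever engine runs it, which eval() call forms hand the argument back unchanged and which perform code generation from strings. `probe` and `evalReport` are hypothetical names; whether a given option setting also covers indirect eval or the Function constructor is what the probe reports, not something assumed here.

```javascript
// Added example: classify what each call form does in the engine running this file.
// probe() and evalReport() are hypothetical helper names, not GraalJS APIs.
function probe(thunk, input) {
  try {
    const out = thunk();
    // A non-string argument comes back as the very same value: nothing was compiled.
    if (out === input) return "returned-unchanged";
    // 616 can only appear here if the source text "600+16" was compiled and run.
    return out === 616 ? "code-generated" : "unexpected:" + String(out);
  } catch (e) {
    // An engine that refuses code generation from strings throws instead.
    return "blocked:" + e.name;
  }
}

function evalReport() {
  const num = 600 + 16;                 // evaluated before eval() ever sees it
  const boxed = new String("600+16");   // String object, not a primitive string
  const obj = { src: "600+16" };        // plain object carrying source text
  const src = "600+16";                 // primitive string: the only compiled form
  return {
    number:       probe(() => eval(num), num),
    stringObject: probe(() => eval(boxed), boxed),
    plainObject:  probe(() => eval(obj), obj),
    directEval:   probe(() => eval(src), src),
    indirectEval: probe(() => (0, eval)(src), src),
    functionCtor: probe(() => new Function("return " + src)(), src),
  };
}

console.log(evalReport());
```

With code generation from strings disallowed, `directEval` reports `blocked:` followed by the error name, while the three non-string forms still report `returned-unchanged`.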