Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

An allow list for remote modules with Deno.emit() #48

Open
kitsonk opened this issue Apr 22, 2021 · 1 comment
Open

An allow list for remote modules with Deno.emit() #48

kitsonk opened this issue Apr 22, 2021 · 1 comment
Labels
public API suggestion

Comments

@kitsonk
Copy link
Contributor

kitsonk commented Apr 22, 2021

Now using Deno.emit to compile user submitted code that also gets executed could also pose a security issue when allowed to import any http resource. It would be nice if we could have a whitelist of domains that we can pass to the Deno.emit function to secure this.

Originally posted by @EliteScientist in denoland/deno#9866 (comment)
@kitsonk
Copy link
Contributor Author

kitsonk commented Apr 22, 2021

It certainly is worth considering an allow list/block list for Deno.emit() for remote modules, as it might be used in a situation where there is more untrusted code than anticipated.

@GJZwiers GJZwiers mentioned this issue Jun 8, 2022
Closed
@bartlomieju bartlomieju transferred this issue from denoland/deno Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
public API suggestion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kitsonk