I was looking for a tool that I could use safely in business logic to evaluate expressions & predicates with no risk of code execution that can interact with the browser.
I notice the documentation says JS-Interpreter can't interact with the DOM, but I notice the live demo page executes an "alert()"!
I'm curious to know why "alert()" is allowed... and really why anything like it would be allowed? And is there a place in the source code to see and audit all of the functions that interact with the browser itself?
I would want to rip out everything that doesn't constitute simple expressional logic with boolean, numeric, or string results.
JS-Interpreter has no native ability to affect the DOM, the browser environment, or the system. That includes alert. However, the demos of JS-Interpreter specifically add an interface to call alert as part of their configuration.
You can see that here where an Interpreter is created, but with alert added:
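
An added sketch (not code from JS-Interpreter or its demos) of the pattern the reply above describes: the embedding page passes an init function that registers host functions, so the bindings to audit are whatever that function installs. `makeInitFunc`, `auditInitFunc`, `unexpectedBindings` and the recording stand-in are hypothetical helpers; `setProperty`, `createNativeFunction`, `createAsyncFunction` and `nativeToPseudo` are the interpreter methods an init function calls.

```javascript
'use strict';
// Added example, not JS-Interpreter's or its demos' code. With the real
// library the init function is passed as: new Interpreter(code, initFunc)

// Build an init function that exposes only the host functions listed in
// `allowlist` (name -> function). An empty object exposes nothing.
function makeInitFunc(allowlist) {
  return function initFunc(interpreter, globalObject) {
    for (const [name, fn] of Object.entries(allowlist)) {
      if (typeof fn !== 'function') {
        throw new TypeError(`host binding ${name} is not a function`);
      }
      interpreter.setProperty(globalObject, name,
          interpreter.createNativeFunction(fn));
    }
  };
}

// Run an init function against a recording stand-in (constructed for this
// example) that implements only the methods used to expose host values, and
// return every property the init function tried to install.
function auditInitFunc(initFunc) {
  const exposed = [];
  const globalObject = {};
  const recorder = {
    createNativeFunction: (fn) => ({kind: 'native', fn}),
    createAsyncFunction: (fn) => ({kind: 'async', fn}),
    nativeToPseudo: (value) => ({kind: 'data', value}),
    setProperty(obj, name, value) {
      const kind = (value && value.kind) || 'primitive';
      exposed.push({name: String(name), kind, onGlobal: obj === globalObject});
    },
  };
  initFunc(recorder, globalObject);
  return exposed;
}

// Names an init function exposes that are not in the approved list.
function unexpectedBindings(initFunc, approvedNames) {
  const approved = new Set(approvedNames);
  return auditInitFunc(initFunc)
      .map((binding) => binding.name)
      .filter((name) => !approved.has(name));
}

// Constructed samples: a demo-style configuration that adds alert (a stand-in
// that records text, so this runs outside a browser) and one that adds nothing.
const shown = [];
const demoStyleInit = makeInitFunc({alert: (text) => shown.push(String(text))});
const expressionOnlyInit = makeInitFunc({});
```

The audit covers only what the init function installs; a check such as `unexpectedBindings(initFunc, [])` can run in CI to fail a build when a host binding is added to an expression-only configuration.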