Viability as an Expression/Predicate Interpreter? #250

Closed
pha3z opened this issue Mar 24, 2023 · 1 comment

@pha3z

pha3z commented Mar 24, 2023

I was looking for a tool that I could use safely in business logic to evaluate expressions & predicates with no risk of code execution that can interact with the browser.

I notice the documentation says JS-Interpret can't interact with the DOM, but I notice the live demo page executes an "alert()"!

I'm curious to know why "alert()" is allowed... and really why anything like it would be allowed? And is there a place in source code to see and audit all of the functions that interact with the browser itself?

I would want to rip out everything that doesn't constitute simple expressional logic with boolean, numeric, or string results.

@NeilFraser
Owner

JS-Interpreter has no native ability to affect the DOM, the browser environment, or the system. That includes alert. However, the demos of JS-Interpreter specifically add an interface to call alert as part of their configuration.

You can see that here where an Interpreter is created, but with alert added:

https://github.com/NeilFraser/JS-Interpreter/blob/master/index.html#L29

      myInterpreter = new Interpreter(code, initAlert);
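
Following the reply above, the init function passed as the second argument to `new Interpreter(...)` is where a host exposes anything to sandboxed code, so that function is the thing to audit. The sketch below is an added example, not code from the JS-Interpreter repository: it builds an allowlist-only init function and checks what any init function exposes by running it against a recording stand-in. `setProperty`, `createNativeFunction` and `createAsyncFunction` are the library's API names; all other names, including `demoStyleInit`, are hypothetical.

```javascript
// Added example. Only setProperty, createNativeFunction and createAsyncFunction
// are JS-Interpreter API names; every other identifier here is hypothetical.

// Host functions the sandboxed code may call: pure helpers, no browser access.
const ALLOWED_HOST_FUNCTIONS = {
  upper: (s) => String(s).toUpperCase(),
  clamp: (n, lo, hi) => Math.min(Math.max(Number(n), Number(lo)), Number(hi)),
};

// Init function in the shape expected by `new Interpreter(code, initFunc)`.
function initAllowlisted(interpreter, globalObject) {
  for (const [name, fn] of Object.entries(ALLOWED_HOST_FUNCTIONS)) {
    interpreter.setProperty(globalObject, name,
        interpreter.createNativeFunction(fn));
  }
}

// Stand-in for a demo-style init that bridges to the browser (assumed shape,
// not copied from index.html). The wrapper is never invoked by the audit.
function demoStyleInit(interpreter, globalObject) {
  const wrapper = (text) => globalThis.alert(text);
  interpreter.setProperty(globalObject, 'alert',
      interpreter.createNativeFunction(wrapper));
}

// Run an init function against a recording stand-in for the interpreter and
// return every global name it binds, without executing any sandboxed code.
function auditInit(initFunc) {
  const exposed = [];
  const recorder = {
    createNativeFunction: (fn) => ({ hostFunction: fn, async: false }),
    createAsyncFunction: (fn) => ({ hostFunction: fn, async: true }),
    setProperty: (_obj, name, value) => {
      const isHostFunction = Boolean(value && value.hostFunction);
      exposed.push({ name: String(name), isHostFunction });
    },
  };
  initFunc(recorder, {});
  return exposed;
}

// Names an init function exposes that are not on the reviewed allowlist.
function unexpectedHostNames(initFunc, allowedNames) {
  const allowed = new Set(allowedNames);
  return auditInit(initFunc).map((e) => e.name).filter((n) => !allowed.has(n));
}
```

The audit lists only what the init function binds; the interpreter's own built-in globals are not covered by it.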
