I have a web app that accepts JS plugins. That is, JavaScript code that someone else wrote that the user wants to load into my app.
Currently I am using eval() to evaluate their JS code into the runtime, but I know that's not secure. Is there a better method than eval() for doing this?
To be clear, the user is pointing me to a dry text file, and that JS in the file needs to come to life somehow.
from Safe/secure way to load plugins into web app