but they are ineffectual & doing amazing amounts of damage in their grasp to give us this pretend fake security. I believe they want to do something good too. with that, this v3 announcement is a week too late to hold even a drop of water. there's industrial grade js machinery we can run, free from these constraints, nested inside the web platform. but since that time, we've had a big announcement that wizer can now run spidermonkey js engine in webassembly. about a week ago maybe even it would have sounded ok. Surely the people pitching these so called security measures grok just how many dump trucks of nonsense these so called protections they offer us are. > You might be working in a JavaScript environment where eval() isn't allowed (and you have a genuinely good reason why you want to use it). Or take evaljs and preload in some html functions! This would need to be extended with some html constructs. A more simple, secure, and faster web browser than ever, with Googles smarts. There was a simpler example on hn within the last week or two, but for example, json-rules-engine demonstrates how json might be a dynamic program, without ever needing to call eval or Function dynamic code: Tampermonkey is a userscript manager extension for Android, Chrome. so the only people hurt are the regular humans. It just seems so trivial to me too build a small interpreted system that circumvents the "no dynamic JavaScript" rule.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |