The users already have a javascript repl with the same abilities and permissions as the cljs repl you give them.
On Sun, Sep 25, 2016 at 12:05 AM, mars0i <[email protected]> wrote: > A good rule of thumb: One should worry that giving end-users access to a > full-fledged eval function can be dangerous, because users can then do > anything that the language can do, and cause damage to their own system or > to others'. > > There are numerous Clojurescript repls embedded in public web pages, so > this apparently isn't a problem (or it's a problem that can easily be > avoided). > > My hypothesis is that browser repls aren't considered problematic because > the repl is running in a browser on the user's machine, so that the worst > that they can do is cause damage to themselves. Still, one could imagine > someone telling an uninformed person to do something that would be bad for > their system. (Is it not possible to do file io, for example, from a > browser repl?) > > I'm going to be working on a small web page in which it would be helfpul > to let users define Clojurescript functions that affect output on the > page. So I started to worry about whether there are dangers that I need to > avoid. It might be simplest to simply give users access to a repl, but I > could also process their definitions myself, passing them to eval, for > example. > > Please feel free to simply point me to a useful discussion of this issue > on the web, and we can end this thread early. :-) > > -- > Note that posts from new members are moderated - please be patient with > your first post. > --- > You received this message because you are subscribed to the Google Groups > "ClojureScript" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/clojurescript. > -- Note that posts from new members are moderated - please be patient with your first post. --- You received this message because you are subscribed to the Google Groups "ClojureScript" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/clojurescript.
