Nathan Vander Wilt
Nathan Vander Wilt
I dealt with some annoying eval-like stuff in https://github.com/natevw/ddoc/blob/master/index.js#L19 — the string munging solution there is pretty lame and I'm not sure if it's relevant since it looks like I...
Yeah, this seems tricky. Replacing semicolons with commas would work in some of the cases, but to do it right you'd still need to parse and so at that point...
To reiterate the discussion on #14, the unfettered use of `eval` is NOT okay — it's just as dangerous as the built-in `Function`. The reason is calling built-in eval through...
The discussion here got interspersed with various discussion of unpatched bypasses, so I thought I'd summarize where this ticket is at: No one has proposed an correct-but-tiny way of doing...
Really old thread, but after reviewing this I'm still inclined to leave this limitation in place unless a reliable but simple trick is found. I think these workarounds are acceptable...
For just one other example: https://www.w3.org/TR/html5/webappapis.html#internal-raw-uncompiled-handler
That could work, but if it's letting you redefine those kind of globals, in general now that the iframe is there (and most likely to stay!) it might actually be...
I was after a complete container, i.e. no access to outside world via XHR/JSONP/form/img/etc. And yeah, you probably need async cross-window messaging if the origins aren't the same. If you...
Hi sorry for the delay on this. I think this is a good start and a reasonable approach overall, but have lots of specific feedback I'll add on the PR...
Hi @flipsa, thanks for this report though I must admit I'm a bit puzzled. The only FAT-related field might be the `VolLab` but I don't recall that is even being...