Mickael van der Beek

This tutorial saved my marriage and I'm not even married.

Well both `Symbol` and `Reflect` are not exposed to the Evel sandbox scope so that shouldn't change anything. Or did you ask the question in case one or both of...

@natevw Those are indeed leaked through the syntax as well. e.g: `(function*(){}).constructor('yield this')().next().value.alert(1)` and `(async function(){}).constructor('this.alert(1);')()` Even though code execution is possible, it's not possible to pop an alert box...

It also seems like Caja has had similar issues recently: http://blog.bentkowski.info/2017/11/yet-another-google-caja-bypasses-hat.html

@yaakov123 Probably. It's a bit risky though since IP addresses could change after the application has been run. Usually the custom lookup is used for two reasons: - performance; where...

I would probably block any calls to Hagana coming from the library directory outside of Hagana's directory itself.

I encountered the same issue and managed to fix it. During the NPM install phase, the binary that is downloaded by `ngrok` depends on the result of the calls `os.platform()`...