Nathan Vander Wilt
Nathan Vander Wilt
Any particular reason React Native didn't make the list?
Evel'ing this successfully returns a Promise: ``` import('test') ``` Testing in Chrome 80, the promise gets rejected with an `Error: Cannot import module from an inactive browsing context.` but it's...
This code (borrowed from @mathiasbynens's clever [`globalThis` polyfill](https://mathiasbynens.be/notes/globalthis)) is able to return the window object (of the iframe): ``` (function() { //if (typeof globalThis === 'object') return; Object.defineProperty(Object.prototype, '__magic__', {...
E.g. does the Reflect API (intro here: http://blog.keithcirkel.co.uk/metaprogramming-in-es6-part-2-reflect/) change anything? `new.target`? Anything else?
ES6 adds many new globals, and we have a hardcoded list :-( Note that some, like `Reflect` may expose new functionality that needs to be reviewed, see #25.
Might be worth making clear that passing any sort of DOM object to the untrusted script is dangerous e.g. script injection via `.innerHTML` and probably many more avenues…. (Although, how...
Right now there's a difference between `evel('XMLHttpRequest')` and `evel('XMLHttpRequesy')` [sic] — the former returns `undefined` while the latter throws a `ReferenceError`. I suspect the only way to do that would...
Web workers have a different name for their global context. We should handle this in our strict-mode global finding case.
There are a few non-standard extensions in the JS whitelist that probably don't need to be there (`uneval` for one!) I don't want to take too many "extras" away (e.g....