by SV_BubbleTime
1747 days ago
That’s fair. But there needs to be a point somewhere that you just get work done. I absolutely agree that runtimes, frameworks, and server code should do a better job at trust and sanitization, but you will always get to a point where if you want to get something done, you need to do the work. I guess I’m skeptical that eval() or runtime.exe could or even should take in lists and configs of what the code is allowed to do and monitor for it during execution. It seems like doing that would add countless issues and complexity, but more so just kick the can down the code to another layer with the same eventual issue.