[yawnxyz]

security nightmare; sometimes you don't want consumers to execute code arbitrarily

[kevin_thibedeau]

This is what makes Tcl great as a data interchange format. It comes with a safe mode for untrusted code and you can further restrict it to have no control flow commands to be non-Turing.

[moralestapia]

Not true. Google, Meta, ... do it at a massive scale, no issues.

It's not really hard to protect yourself against that.

Any (competent) security guy can give you like 4 ways to implement it properly.

[hifromwork]

I am a (hopefully competent) security guy, please don't run arbitrary code if you can help it. Especially for something as trivial as JSON patching.

[rererereferred]

Do you mean the ads they serve that contain malware?

[crabmusket]

Ok hear me out, what if my API accepts WASM fragments that I run against my database but in a sandbox!