by cyberax 597 days ago
> This sets the bar ludicrously low for "security footgun". If this is a "security footgun" then what is string evaluation in a dynamic scripting language, a "security foot-nuke"?

Not really. Apart from dangerous serialization formats (e.g. Python's "pickle") it's not at all easy to eval a string in modern scripting languages.

String evals are also not widely used anymore.