Y
Hacker News
new
|
ask
|
show
|
jobs
by
tptacek
338 days ago
Again: we do not. Front-end code relies in a bunch of ways on eval and it's equivalents. What we don't do is pass filtered/escaped untrusted strings directly to those functions.