Matt Austin
Results: 2 comments of Matt Austin
I was playing with an idea at: https://github.com/matt-/serialize/commit/990674b944c06074ebe2bcebca8bcac7e3407ee7 It validates with esprima to make sure the value is a FunctionExpression not a CallExpression.
My last comment (and exploit example) in that one is with the esprima changes in place... that one just evals the entire string... It will be super hard for them...