- From: Gerd Wagner <wagnerg@tu-cottbus.de>
- Date: Mon, 17 Oct 2011 21:28:37 +0200
- To: public-games@w3.org
>> Our use cases are not related to module handling. We have sims/games >> where the user/player can enter her own code for expressions and >> functions at run time. > Ok, but you see the security/privacy issue there right? As far as I can see, there is only an issue (viz. code injection) if the eval'uation of user input is done on the server-side. Why should there be a security/privacy problem created by user input when the entered code is executed on the user's own computer/environment? Of course, eval may have been abused a lot by bad JS programmers for things for which it's not really needed. But there are also some use cases where it is needed, and it would be a pitty if this powerful feature would be dropped from JS (which would decrease its dynamic character). -Gerd
Received on Monday, 17 October 2011 19:29:12 UTC