Comment by cyberax

Comment by cyberax 10 days ago

0 replies

View on Hacker News

> This sets the bar ludicrously low for "security footgun". If this is a "security footgun" then what is string evaluation in a dynamic scripting language, a "security foot-nuke"?

Not really. Apart from dangerous serialization formats (e.g. Python's "pickle") it's not at all easy to eval a string in modern scripting languages.

String evals are also not widely used anymore.