0

I have an application which lets clients eval() their code, but I don't want them to make any kind of call to the server (ajax).

3
  • If you can, don't check if there's an ajax call but remove the eval() altogether. Commented Apr 1, 2012 at 12:02
  • Not sure what you want to know..... Commented Apr 1, 2012 at 12:02
  • the eval() function can't be removed Commented Apr 1, 2012 at 12:03

1 Answer

2

First, you probably shouldn't let clients eval code.

Second, even if you put the most sophisticated JavaScript filters in your app, that's not gonna prevent anything. A user can run any JavaScript in the console, and there's nothing you can do about it, except for placing checks on the server side.
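An added example (not part of the original answer) of what a server-side check can look like: the server decides from its own session and policy data, so a request sent by the app's UI, by eval()'d code or from the console gets the same verdict. The routes, roles and the `authorize` helper are hypothetical names chosen for illustration.

```javascript
// Added example: routes, roles and helper names are hypothetical.
// Server-side policy: who may call each route and what a valid body looks like.
const POLICY = new Map([
  ['POST /api/snippets', {
    roles: ['user', 'admin'],
    validate: (b) => typeof b.code === 'string' && b.code.length <= 10000,
  }],
  ['POST /api/users/delete', {
    roles: ['admin'],
    validate: (b) => Number.isInteger(b.userId),
  }],
]);

// Decide using only data the server controls (session store, policy).
// Nothing the browser claims about *how* the request was made is consulted.
function authorize(req, sessions) {
  const session = sessions.get(req.cookies?.sid);
  if (!session) return { allow: false, status: 401, reason: 'no session' };

  const rule = POLICY.get(`${req.method} ${req.path}`);
  if (!rule) return { allow: false, status: 404, reason: 'unknown route' };

  if (!rule.roles.includes(session.role)) {
    return { allow: false, status: 403, reason: 'role not permitted' };
  }
  if (!rule.validate(req.body ?? {})) {
    return { allow: false, status: 400, reason: 'invalid body' };
  }
  return { allow: true, status: 200, reason: 'ok' };
}

// Constructed sample data: one logged-in, non-admin user.
const SESSIONS = new Map([['s1', { role: 'user' }]]);
const fromUi = {
  method: 'POST', path: '/api/snippets', cookies: { sid: 's1' },
  headers: { 'x-requested-with': 'app-ui' }, body: { code: '1+1' },
};
// The same request issued from eval()'d code or the console: the header the UI
// normally adds is missing, and the verdict does not depend on it.
const fromEval = { ...fromUi, headers: {} };
// A call the user's role does not permit is refused whoever sends it.
const adminCall = { ...fromEval, path: '/api/users/delete', body: { userId: 7 } };

for (const r of [fromUi, fromEval, adminCall]) {
  console.log(r.path, authorize(r, SESSIONS));
}
```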
