eval not in SAFE_GLOBALS

[matthewjh]

Hi, nice library!

I had to use Function instead of eval, as the evaluator would throw eval is not defined. Indeed, eval is missing from the SAFE_GLOBALS list:

SandboxJS/build/SandboxExec.js

Line 41 in f3168a8

static get SAFE_GLOBALS() {

.

This is odd as the Readme file states eval is a "safe global" by default.

[SimoTod]

It says the opposite. This library offers a safe alternative to eval. If you start using the native eval, you don't need this library.

[matthewjh]

I think you're missing my point. "eval" is listed as a global which is safely made available within the sandbox, along with Function ctor etc.. I'm talking about the symbols made available within the sandbox to the sandboxed code, which is what the list refers to, right?

I want to be able to safely execute code in the sandbox that itself uses eval. Function instead of eval works fine, so this appears to be a bug or oversight.

https://github.com/nyariv/SandboxJS?tab=readme-ov-file#safe-globals

Safe Globals

Function
eval
console
isFinite
isNaN
parseFloat
parseInt
decodeURI
decodeURIComponent
encodeURI
encodeURIComponent
escape