Comments (2)
It looks like indexedDB is well supported, so I'll use that instead. If you would like to answer, it would be interesting to know...
from devalue.
Not sure why I was mentioned here (I never worked on this project afaik) but to answer your question:
user-supplied input should never be completely / blindly trusted.
Any script running in the same context can manipulate the locally saved data. CSP and checks can help to prevent a few cases. But it does not prevent that a user or some other codes manipulates it which can lead to some interesting cases.
So far I do not see or understand the reason why you need eval here at all. If the data has to be in a specific format you could use JSON schema or some other structural validation approach.
from devalue.
Related Issues (20)
- Creating A Dictionary For JSON Keys? HOT 1
- How to actually recover value form stringified form? HOT 1
- Support a `.toJSON`-like interface
- Error - No "exports" main defined in /var/task/node_modules/devalue/package.json HOT 5
- Error with certain build setups: No known conditions for "." entry in "devalue" package
- update example-link in description HOT 3
- [Feature request] How about serializing arbitrary class instances? HOT 1
- [Feature request] Improve TypeScript support
- don't throw an error on invalid dates when using `stringify` HOT 1
- [Feature request] some means to specify properties that should not be seralized - e.g. Symbol properties HOT 2
- `.uneval()` does not handle nested maps properly
- Allow `ReadableStream`s for `parse`
- Can the new line character appear in the serialized string?
- [meta] invalid JSON test is broken on Node 20
- Symbol descriptions are printed literally
- devalue is too strict about what can be serialized with custom types
- Support for async revivers
- What is the difference between devalue and superjson?
- Why can't symbolic keys be stringified?
- [Feature Request] Support URLs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from devalue.