On the contrary, `eval` is used so little in real code that it's easy to detect.... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		RussianCow on July 12, 2018 \| parent \| context \| favorite \| on: ESLint compromised, may have stolen your credentia... On the contrary, `eval` is used so little in real code that it's easy to detect. A tiny, obfuscated VM would be much more difficult.

mygo on July 13, 2018 [–]

‘eval’ is not trivial to detect when it’s

window[rot13("riny")]("console.log('lol')");

or one of the many other ways to obfuscate eval

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact