Security Consequences of using Eval in a Simple Browser Game

Discussion in 'Javascript/Plugin Support' started by Tsukihime, Oct 21, 2015.

  1. Another Fen

    Another Fen Veteran Veteran

    Messages:
    519
    Likes Received:
    234
    First Language:
    German


    I don't know how MV handles things, but in the RGSS generation it would be often possible for the player to abuse "eval" by manipulating the games savestates.


    In Ruby, you could prevent the evaluation of such "tainted" strings in general by setting an appropriate safemode, JS does support something similar if I remember correctly (of course you shouldn't rely on the safemode alone).


    After all, I can't think of a way where evaluating string constants in particular would cause security issues (other than it's needlessly slow) if you can make sure the code does not allow other strings to be "smuggled" in. On the other hand, I'm not that experienced in the matter, especially when it comes to web applications.
     
    Last edited by a moderator: Mar 13, 2016
    #41

Share This Page