feat: add option to disallow code generation from strings #144
Conversation
anonrig
force-pushed
the
enable-disallow-code-generation-from-strings
branch
from
9f6ec36
to
c69effe
Compare
|
Thanks! can you add documentation for this? |
anonrig
force-pushed
the
enable-disallow-code-generation-from-strings
branch
from
c69effe
to
a8f47a6
Compare
I updated the README with the newly added option. Let me know if there's anything missing, and thanks for the review @kibertoad |
|
well this would break fast-json-stringify and all dependents on it. |
I'll open a different pull-request and enable it there. The default value is |
| @@ -110,12 +115,23 @@ jobs: | |||
| matrix: | |||
| node-version: ${{ fromJson(inputs.node-versions) }} | |||
| os: [macos-latest, ubuntu-latest, windows-latest] | |||
| disallow-code-generation-from-strings: ${{ inputs.check-disallow-code-generation-from-strings == true && ['true', 'false'] || ['false'] }} | |||
There was a problem hiding this comment.
Is this the simplest way to express this? Apologies for ignorance but I find this expression hard to follow without a comment, I wonder if other readers if this code feel the same.
| @@ -110,12 +115,23 @@ jobs: | |||
| matrix: | |||
| node-version: ${{ fromJson(inputs.node-versions) }} | |||
| os: [macos-latest, ubuntu-latest, windows-latest] | |||
| disallow-code-generation-from-strings: ${{ inputs.check-disallow-code-generation-from-strings == true && ['true', 'false'] || ['false'] }} | |||
There was a problem hiding this comment.
Is this the simplest way to express this? Apologies for ignorance but I find this expression hard to follow without a comment, I wonder if other readers if this code feel the same.
|
Dont get me wrong, but I would expect this as a npm script. |
| @@ -130,7 +146,7 @@ jobs: | |||
| run: npm i --ignore-scripts | |||
|
|
|||
| - name: Run tests | |||
| run: npm test | |||
| run: NODE_OPTIONS="${{ steps.node-flags.outputs.flags }}" npm test | |||
There was a problem hiding this comment.
I would expect this as a different job, not as an edit of this one.
There was a problem hiding this comment.
I didn't understand. Since it is in a matrix config, it will run 2 different jobs. 1 for false value, and one for true. (or only 1 if it's not enabled)
evalandnew Functionis not available on platforms such as Cloudflare workers. This option will add support for disabling and testing environments where code generation from strings are not available.