How can I make external code 'safe' to run? Just ban eval()?

情书的邮戳 2020-12-30 14:40

I'd like to be able to allow community members to supply their own javascript code for others to use, because the users' imaginations are collectively far greater than any

6 answers
  •  庸人自扰
    2020-12-30 14:58

    Filtering out eval probably doesn't work. I imagine that you could hack round it like this: window['ev' + 'al']('alert("hello world");');. You could of course replace the eval function...
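
The point made in the answer above, as an added example that is not part of the original thread or the poster's code: a text denylist for `eval` rejects the direct call but passes the computed property lookup, while replacing the function on the object is seen by both lookups. `makeWindow`, `disableEval` and the sample submissions are constructed for illustration, and the stand-in `eval` only records its input.

```javascript
// Constructed submissions, written as functions so no string-to-code step is
// needed; the filter scans their source text via String(fn).
const samples = {
  direct: (window) => window.eval('1 + 1'),
  computed: (window) => window['ev' + 'al']('1 + 1'), // form quoted in the answer
};

// Text denylist of the kind the question proposes: reject any submission
// whose source contains the identifier `eval`.
function denylistAllows(fn) {
  return !/\beval\b/.test(String(fn));
}

// Constructed stand-in for the browser `window`; its eval only records input.
function makeWindow() {
  return { eval: (code) => 'ran: ' + code };
}

// The answer's other idea: replace the function itself, so a static and a
// computed lookup both reach the same stub.
function disableEval(win) {
  win.eval = () => { throw new Error('eval is disabled'); };
  return win;
}

// Call a submission against `win` and report the result or the refusal.
function run(fn, win) {
  try {
    return fn(win);
  } catch (err) {
    return 'blocked: ' + err.message;
  }
}

function report() {
  const rows = {};
  for (const [name, fn] of Object.entries(samples)) {
    rows[name] = {
      passesDenylist: denylistAllows(fn),
      withOriginalEval: run(fn, makeWindow()),
      withReplacedEval: run(fn, disableEval(makeWindow())),
    };
  }
  return rows;
}

console.log(report());
```

The denylist result differs between the two samples even though they call the same function, which is why the check has to be applied to the object rather than to the source text; this covers only the `eval` property discussed here and is not a complete sandbox.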
