Frontmatter
| id | 1825 |
| title | change binding formatters from strings to functions |
| state | Closed |
| labels | enhancement |
| assignees | tobiu |
| createdAt | Apr 20, 2021, 12:21 PM |
| updatedAt | Apr 20, 2021, 12:24 PM |
| githubUrl | https://github.com/neomjs/neo/issues/1825 |
| author | tobiu |
| commentsCount | 0 |
| parentIssue | null |
| subIssues | [] |
| subIssuesCompleted | 0 |
| subIssuesTotal | 0 |
| blockedBy | [] |
| blocking | [] |
| closedAt | Apr 20, 2021, 12:24 PM |
This is a rather big topic. Actually a breaking change, so this would be neo v2.
To get rid of our only know security issue:
fn = new Function('data', 'return' + formatter + ';');we should replace binding formatter strings with functions.
While we can not convert a template literal to a string, we can definitely use
myFunction.toString().