safer-eval is a node JS library that supposedly provides a 'safe' way to 'eval' untrusted javascript.
As the maintainer warns in the README:
Warning: The saferEval function may be harmful - so you are warned!
However, it is still used by various libraries to parse/execute untrusted code in such a way that there is an implied
GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.
Launch Stroom and assign it a hostname like stroom.my-company.com, then log in.
| import tutorial | |
| from Person t | |
| where t.getHeight() > 150 and | |
| t.getHairColor() != "blond" and | |
| exists (string c | t.getHairColor() = c) and | |
| t.getAge() >= 30 and | |
| t.getLocation() = "east" and | |
| (t.getHairColor() = "black" or t.getHairColor() = "brown") and | |
| not (t.getHeight() > 180 and t.getHeight() < 190) and |