isInHell = 'true'

MHLoppy@fedia.io to Programmer Humor@programming.dev · 7 months ago

pHr34kY@lemmy.world · 7 months ago

The backend and frontend on the product I work on are like this. As long as you remember that booleans are not strings and should always be parsed if they are, this won’t be a problem. I am yet to see a boolean.parse() implementation in the wild that is case sensitive.

computergeek125@lemmy.world · 7 months ago

They could be using .js and .py files directly as config files and letting the language interpreter do the heavy lifting. Just like ye olde config.php. And yes, this absolutely will allow code injection by a config admin.
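
The two points made in the comments above, as an added example that is not part of the thread: a strict, case-insensitive boolean parser next to the naive truthiness check, and a loader that reads the config as data instead of handing it to the interpreter. The names `parse_bool` and `load_config` and both sample inputs are assumptions made for illustration.

```python
import json

_TRUE = {"true", "1", "yes", "on"}
_FALSE = {"false", "0", "no", "off"}


def parse_bool(value):
    """Strict, case-insensitive boolean parsing; anything unrecognised is an error."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        token = value.strip().lower()
        if token in _TRUE:
            return True
        if token in _FALSE:
            return False
    raise ValueError(f"not a boolean: {value!r}")


def load_config(text, bool_keys):
    """Parse the config as JSON data (never exec/import it) and normalise boolean keys."""
    cfg = json.loads(text)  # JSONDecodeError is a ValueError subclass
    if not isinstance(cfg, dict):
        raise ValueError("config root must be an object")
    for key in bool_keys:
        if key in cfg:
            cfg[key] = parse_bool(cfg[key])
    return cfg


# Constructed sample: the flag arrives as a string, as in the post title.
SAMPLE = '{"isInHell": "False", "name": "demo"}'

# Constructed sample of a line an executable .py config could carry.
CODE_AS_CONFIG = 'isInHell = print("code in config ran") is None'


def demo():
    naive = bool(json.loads(SAMPLE)["isInHell"])  # any non-empty string is truthy
    strict = load_config(SAMPLE, ["isInHell"])["isInHell"]
    try:
        load_config(CODE_AS_CONFIG, ["isInHell"])
        rejected = False
    except ValueError:
        rejected = True  # a data parser refuses code instead of running it
    return naive, strict, rejected
```
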