Skip to content

Latest commit

 

History

History
69 lines (48 loc) · 2.84 KB

README.md

File metadata and controls

69 lines (48 loc) · 2.84 KB

punyexpr 🦴

Node.js CI Mutation Testing Package Quality Known Vulnerabilities punyexpr punyexpr install size MIT License

A minimalist (4955 bytes) expression compiler and evaluator.

Live demo

https://arnaudbuchholz.github.io/punyexpr/samples/calc.html

Usage

1. Include the punyexpr helper

<script src="https://cdn.jsdelivr.net/npm/punyexpr/dist/punyexpr.js"></script>

2. Compile an expression

const incValue = punyexpr('value + 1')

3. Evaluate the expression

incValue({ value: 1 }) // 2

Use with punybind@>=1.2.0

const safebind = punybind.use({
  compiler: punyexpr
 })
// Use safebind to bind HTML

Implementation notes

  • Regular expressions are not secure and are not allowed by default

  • Leverage the option { regex: true } to enable regular expressions using the default JavaScript implementation:

const unsecure = punyexpr('value.match(/a+b/)', { regex: true })
  • Or plug any custom regular expression builder using { regex: (pattern, flags) => { /* */ } }
const unsecure = punyexpr('value.match(/a+b/)', { regex: (pattern, flags) => new RegExp(pattern, flags) })
  • Check the source for the (altered and) implemented grammar,
    in particular the following are not supported :
    • Bitwise, async and coalesce operations
    • new and this
    • Object literals
  • See the tests for supported expressions.
  • The implementation is compliant with Content Security Policy.