Yeah, I think if you just create a GlideRecord object from a respective table (without .insert()-ing or .update()-ing it) and set a/the script field before passing it into the Evaluator, you potentially could work around that.
Nevertheless, regardless of Glide(Scoped)Evaluator, eval, or any eval-equivalent: if you need to run code on the server that is transferred from a client, you should always revise your solution, because basically anyone could send code to the server (any client-side check can be bypassed).
And it wasn't about whether your eval-equivalent is syntactically okay, it was the fact that your solution uses something like eval. The use of eval (or anything like it) should always be prevented, especially when it processes basically user input, as it always has the potential of a Code Injection vulnerability (there are very, very rare, very, very minor exceptions).
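
The revision the reply argues for, as an added example that is not part of the original post: the client sends an operation name and arguments as data, and the server dispatches from a fixed allowlist instead of evaluating a script. It is plain JavaScript rather than ServiceNow API code; `handleClientRequest`, the operation names and the request shape are hypothetical.

```javascript
'use strict';

// Argument validators: every value from the client is checked server-side.
function isIsoDate(v) {
  return typeof v === 'string' && /^\d{4}-\d{2}-\d{2}$/.test(v) && !Number.isNaN(Date.parse(v));
}
function isSmallInt(v) { return Number.isInteger(v) && Math.abs(v) <= 3650; }
function isShortString(v) { return typeof v === 'string' && v.length <= 256; }

// Allowlist of operations the server is willing to run (hypothetical names).
// A Map is used so inherited keys such as "constructor" or "__proto__",
// which a plain-object lookup would resolve, are simply not found.
const OPERATIONS = new Map([
  ['addDays', {
    params: { date: isIsoDate, days: isSmallInt },
    run: ({ date, days }) => {
      const d = new Date(date + 'T00:00:00Z');
      d.setUTCDate(d.getUTCDate() + days);
      return d.toISOString().slice(0, 10);
    },
  }],
  ['upper', {
    params: { text: isShortString },
    run: ({ text }) => text.toUpperCase(),
  }],
]);

// Handles one request body received from a client. Nothing in the request
// is ever evaluated: it only selects code that already lives on the server.
function handleClientRequest(rawJson) {
  let req;
  try { req = JSON.parse(rawJson); } catch (e) { req = null; }
  if (req === null || typeof req !== 'object') return { ok: false, error: 'malformed request' };

  const op = OPERATIONS.get(req.op);
  if (!op) return { ok: false, error: 'unknown operation' };

  const args = (req.args !== null && typeof req.args === 'object') ? req.args : {};
  const clean = {}; // only declared, validated parameters reach the handler
  for (const [name, isValid] of Object.entries(op.params)) {
    if (!Object.prototype.hasOwnProperty.call(args, name) || !isValid(args[name])) {
      return { ok: false, error: 'invalid argument: ' + name };
    }
    clean[name] = args[name];
  }
  return { ok: true, value: op.run(clean) };
}
```

A request that carries script text, such as `{"op":"upper","args":{"text":"return 1+1"}}`, gets that text back as an upper-cased string; it is never executed.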