But I doubt it can be full proof without runtime’s help.
I found a way: AST filtering with rewriting. So that “obj[key]” will get rewritten to “safeEval.get(obj, key)”. That is now part of my TODO list for “@doodad-js/safeeval”. For the moment, I block the dynamic property accessor operator (“obj[key]”), and the rewriting must be manual.
For the last time, why do you believe opcode filtering can?
Because, at my knowledge, AST filtering is more subject to break than “opcode” filtering. If that’s not the case, please help me to provide a better “safeEval” by reporting issues of my library directly to me. But I doubt it can be full proof without runtime’s help.