How to execute any string as source code in runtime?

Ok. A bit safer.

I have never really considered the implications of eval or Function() much. What with never needing to evaluate source code like that in anything I have done.

Seems to me tough that the problem with all this is not that eval or Function are insecure in themselves. The problem is when one is wanting to evaluate stings as source when those strings come from some totally unknown, untrusted, source. Much the same as running random binary executables, laden with malware, that one has snagged off the net or installing the from an App Store.

Javascript gets a lot of stick for insecurity, but it looks to me as if it is not Javascript's fault, it's only a language right, rather the browser environment it traditionally runs in, which seems to have been designed to be maximally insecure from the get go.

Not really relevant to a Rust forum but ...

JavaScript started out with a lot of security problem, such as the ability for arbitrary code to change the definition of just about anything. The ECMAScript committee has been addressing those problems with things such as let and use strict with more improvements on the way. You can now be quite secure, especially if you use a subset of the latest standard.

In 99% of use cases it is better to use Rust, but Dyon was created specifically for that 1%, when we just need to execute a script at runtime. It was originally meant for the Piston game engine, but later got used even outside of Piston, in that miniscule amount of use cases when we just need to interpret a string of commands at runtime, without pulling in the entire Rust compiler along with Cargo dependencies.