@bluca @pid_eins @phako Most people can't think adversarially when writing code, which means using js to configure access to a high privileges is very risky. And can't be easily checked for correctness.
If you do anything more complex than just assigning variables you risk opening huge holes by not paying attention at how things are evaluated.