OnSuccess/OnFailure properties as part of the rule - Security Issue

Question

OnSuccess/OnFailure properties as part of the rule - Security Issue

Meenakshise opened this issue 2 years ago · 0 comments

There are 2 properties like Onsuccess and Onfailure property which can be a javascript function delegate and it is part of the rule right?

onSuccess: function(event,almanac) { console.log('hello success') },
onFailure : function(event,almanac) { alert('hello failed') }

Is it safe to store this as part of the rule in the database. Because the rule comes from the server to the client this script can be tampered by the hacker and we would end up executing a malicious script. Is that right?

Or Is my understanding wrong? Please confirm