Comment by alexpovel

2 years ago

It's currently whitelist-based [0]. The downside is larger (code) size. The upside is simplicity. I imagine a blacklist could also work well, at smaller size but with more preprocessing needed.