This could be used in a javascript SQL injection attack:


create or replace function
js(src text) returns text as $$
  return eval(
  "(function() { " + src + "})"
  )();
$$ LANGUAGE plv8;

code info by craig kerstiens PostgreSQL curator

polonus