I am making a graphing calculator, and need a fast way to run a user inputted mathematical function (e.g. y = x^3 + 2).
Previously I was using the math.js evaluate function, however this was very slow. Now I have switched to using the JavaScript new Function() constructor, to generate a JavaScript function based on user input, however I am concerned about the security implications. If I parse any input using math.js, and ensure it is a valid mathematical expression that will not throw any errors in math.js, is there any possible scenario where this could still cause security concerns?
