On Sun, May 5, 2013 at 9:04 AM, Andrew Petersen <[email protected]> wrote:
> If I do in REPL:
>
> ````
>> f = Function('a', 'b', 'c', 'd', 'e', "console.log('what what')")
> [Function]
>> f.toString()
> 'function anonymous(a,b,c,d,e\n/**/) {\nconsole.log(\'what what\')\n}'
> ````
>
> Notice how the function arguments have an extra /**/ in them? Not sure where
> this is coming from, but it broke a few (admittedly fragile) tests of mine.
> Is this change going to stick for sure in 0.11, or only temporary? Is there
> any more info as to why this is happening?
>
> This happens in the REPL or in plain code, and does not occur in 0.6, 0.8,
> or 0.10.

It's because of [1] and [2].  It's hardening against arbitrary code
execution from inside the Function constructor:

  $ v0.10/node -e 'Function("", "});console.log(\"OWNED\");(function(){")'
  OWNED

  $ master/node -e 'Function("", "});console.log(\"OWNED\");(function(){")'
  undefined:4
  })
   ^
  SyntaxError: Parse error
      at Function (<anonymous>)


I'm not sure if the change in the toString() output should be
considered a regression; I believe the spec only mandates that the
result can be evaluated with eval().  Please open a V8 issue if you
feel strongly about it. :-)

[1] https://code.google.com/p/v8/issues/detail?id=2470
[2] https://github.com/v8/v8/blob/762ba9c/src/v8natives.js#L1707-1713
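
An added example, not part of the original message or of V8's source: it compares a simplified string-concatenating builder (a model assumed here for illustration) with the runtime's own Function constructor, using a constructed probe body shaped like the one in the reply. The names naiveFunction, PROBE_BODY, probe and roundTrips are hypothetical.

```javascript
'use strict';

// Simplified model of building a function by gluing parameter and body
// strings into one source text and compiling it (an assumption for
// illustration, not V8's actual code).
function naiveFunction(params, body) {
  const source = '(function anonymous(' + params + ') {\n' + body + '\n})';
  return (0, eval)(source); // indirect eval: compile in the global scope
}

// Constructed probe with the same shape as the body string in the message:
// it closes the wrapper early, runs one statement, then reopens a function
// so the glued-together source still parses.
const PROBE_BODY = '});globalThis.__probeRan = true;(function(){';

// Reports what happened when `construct` was asked to build (never call)
// a function from PROBE_BODY. Building a function must not run its body.
function probe(construct) {
  globalThis.__probeRan = false;
  let error = null;
  try {
    construct('', PROBE_BODY);
  } catch (e) {
    error = e.name;
  }
  const ranAtConstruction = globalThis.__probeRan;
  delete globalThis.__probeRan;
  return { ranAtConstruction, error };
}

// Tests that match the exact toString() text are brittle. This checks the
// property the reply mentions instead: the text can be evaluated again and
// the rebuilt function behaves the same.
function roundTrips(fn, args, expected) {
  const rebuilt = (0, eval)('(' + fn.toString() + ')');
  return rebuilt(...args) === expected;
}

console.log('naive builder:', probe(naiveFunction));
console.log('Function ctor:', probe(Function));
console.log('round trip ok:', roundTrips(Function('a', 'b', 'return a + b'), [2, 3], 5));
```

Run on the Node build under test; a hardened runtime reports a SyntaxError and no execution for the Function constructor row.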
