Reviewers: Mads Ager, Description: Restrict application of eval so it can only be used in the context of the global object. For compatibility.
Please review this at http://codereview.chromium.org/10748 SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M src/v8natives.js M test/cctest/test-api.cc
Index: test/cctest/test-api.cc
===================================================================
--- test/cctest/test-api.cc (revision 754)
+++ test/cctest/test-api.cc (working copy)
@@ -4078,6 +4078,14 @@
 "with({x:2}){other.eval('x+y')}"));
 result = script->Run();
 CHECK_EQ(3, result->Int32Value());
+
+ // Check that you cannot use 'eval.call' with another object than the
+ // current global object.
+ v8::TryCatch try_catch;
+ script =
+ Script::Compile(v8_str("other.y = 1; eval.call(other, 'y')"));
+ result = script->Run();
+ CHECK(try_catch.HasCaught());
 }
Index: src/v8natives.js
===================================================================
--- src/v8natives.js (revision 754)
+++ src/v8natives.js (working copy)
@@ -105,6 +105,11 @@
 function GlobalEval(x) {
 if (!IS_STRING(x)) return x;
+ if (this !== %GlobalReceiver(global)) {
+ throw $EvalError('The "this" object passed to eval ' +
+ 'must be the global object from which eval originated');
+ }
+
 var f = %CompileString(x, 0, true);
 if (!IS_FUNCTION(f)) return f;
--~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
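Review bot: The new assertion `CHECK(try_catch.HasCaught());` passes on any exception, so an unrelated failure in the script (for example a ReferenceError) would satisfy it just as well as the EvalError thrown by the receiver guard. Because this test pins a cross-context restriction on eval, it should also assert that no value came back and that the caught value is the expected error, e.g. `CHECK(result.IsEmpty());` together with a check on `try_catch.Exception()`. Only `eval.call` is exercised; `eval.apply(other, ['y'])` should reach the same guard and would be worth a second assertion. The enclosing test function starts outside the hunk.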
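Review bot: The receiver guard in `GlobalEval` sits after `if (!IS_STRING(x)) return x;`, so a call with a foreign `this` and a non-string argument returns normally instead of throwing the EvalError. Nothing is compiled on that path, so it does not appear to weaken the restriction, but the ordering should be either changed or documented, for instance `// Non-string arguments are returned before the receiver check; only string input is compiled.`. The guard itself has no comment; a line such as `// eval may only run with the global object it originated from as receiver.` would record the intent next to the check. The function body continues past the end of the hunk, so how `f` is invoked afterwards is not visible here.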
