[v8-dev] Issue 1258 in v8: V8 should expose an API to disable eval and other APIs that convert strings to code

codesite-noreply Thu, 17 Mar 2011 11:08:59 -0700

Status: New
Owner: ----

New issue 1258 by [email protected]: V8 should expose an API to disableeval and other APIs that convert strings to code

http://code.google.com/p/v8/issues/detail?id=1258


We'd like to implement Content Security Policies in Chrome:

https://dvcs.w3.org/hg/content-security-policy/raw-file/1a29ed0d9fdc/csp-specification.dev.html

One of the requirements is that (under some circumstances), the user agentmust prevent strings from being converted to ECMAScript code:


https://dvcs.w3.org/hg/content-security-policy/raw-file/1a29ed0d9fdc/csp-specification.dev.html#code-must-not-be-created-from-strings

In order to implement this requirement, we need a V8 API to diable eval andother ECMAScript APIs that convert strings into code (e.g., the Functionconstructor).


Thanks!

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Issue 1258 in v8: V8 should expose an API to disable eval and other APIs that convert strings to code

Reply via email to