Commit 0bcb1d6f authored by Jakob Kummerow's avatar Jakob Kummerow Committed by Commit Bot

[flags] Introduce --disallow-code-generation-from-strings

Exposing the existing Context::AllowCodeGenerationFromStrings(false) API
to the command line.

Bug: v8:7134
Change-Id: I062ccff0b03c5bcf6878c41c455c0ded37a1d743
Reviewed-on: https://chromium-review.googlesource.com/809631Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49911}
parent 75c1c6c6
......@@ -5484,6 +5484,11 @@ Genesis::Genesis(
if (!InstallDebuggerNatives()) return;
}
if (FLAG_disallow_code_generation_from_strings) {
native_context()->set_allow_code_gen_from_strings(
isolate->heap()->false_value());
}
ConfigureUtilsObject(context_type);
// Check that the script context table is empty except for the 'this' binding.
......
......@@ -759,6 +759,8 @@ DEFINE_BOOL(builtins_in_stack_traces, false,
"show built-in functions in stack traces")
DEFINE_BOOL(enable_experimental_builtins, true,
"enable new csa-based experimental builtins")
DEFINE_BOOL(disallow_code_generation_from_strings, false,
"disallow eval and friends")
// builtins.cc
DEFINE_BOOL(allow_unsafe_function_constructor, false,
......
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --disallow-code-generation-from-strings
assertThrows("1 + 1", EvalError);
assertThrows(() => eval("1 + 1"), EvalError);
assertThrows(() => Function("x", "return x + 1"), EvalError);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment