Restrict application of eval so it can only be used in the context of the...

Restrict application of eval so it can only be used in the context of the global object. For compatibility. Review URL: http://codereview.chromium.org/10748 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Restrict application of eval so it can only be used in the context of the...
Restrict application of eval so it can only be used in the context of the global object. For compatibility. Review URL: http://codereview.chromium.org/10748 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2173d214 · olehougaard · 1555d130 · 2173d214 · 2173d214
Commit 2173d214 authored Nov 14, 2008 by olehougaard
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

v8natives.js src/v8natives.js +5 -0

test-api.cc test/cctest/test-api.cc +8 -0

No files found.
--- a/src/v8natives.js
+++ b/src/v8natives.js
@@ -105,6 +105,11 @@ function GlobalParseFloat(string) {
 function GlobalEval(x) {
  if (!IS_STRING(x)) return x;
+  if (this !== %GlobalReceiver(global)) {
+    throw $EvalError('The "this" object passed to eval ' + 
+                     'must be the global object from which eval originated');
+  }
  var f = %CompileString(x, 0, true);
  if (!IS_FUNCTION(f)) return f;

--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -4078,6 +4078,14 @@ THREADED_TEST(CrossEval) {
                                      "with({x:2}){other.eval('x+y')}"));
  result = script->Run();
  CHECK_EQ(3, result->Int32Value());
+  // Check that you cannot use 'eval.call' with another object than the
+  // current global object.
+  v8::TryCatch try_catch;
+  script =
+      Script::Compile(v8_str("other.y = 1; eval.call(other, 'y')"));
+  result = script->Run();
+  CHECK(try_catch.HasCaught());
 }