Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 056001d

Browse filesBrowse files
jakobkummerowMylesBorins
jakobkummerow
authored and
MylesBorins
committed
deps: cherry-pick 0bcb1d6f from upstream V8
Original commit message: Introduce --disallow-code-generation-from-strings Exposing the existing Context::AllowCodeGenerationFromStrings(false) API to the command line. Bug: v8:7134 Change-Id: I062ccff0b03c5bcf6878c41c455c0ded37a1d743 Reviewed-on: https://chromium-review.googlesource.com/809631 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#49911} PR-URL: #18212 Refs: v8/v8@0bcb1d6 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Gus Caplan <me@gus.host>
1 parent ae2dabb commit 056001d
Copy full SHA for 056001d

File tree

Expand file treeCollapse file tree

4 files changed

+17
-1
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

4 files changed

+17
-1
lines changed
Open diff view settings
Collapse file

‎common.gypi‎

Copy file name to clipboardExpand all lines: common.gypi
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727

2828
# Reset this number to 0 on major V8 upgrades.
2929
# Increment by one for each non-official patch applied to deps/v8.
30-
'v8_embedder_string': '-node.20',
30+
'v8_embedder_string': '-node.21',
3131

3232
# Enable disassembler for `--print-code` v8 options
3333
'v8_enable_disassembler': 1,
Collapse file

‎deps/v8/src/bootstrapper.cc‎

Copy file name to clipboardExpand all lines: deps/v8/src/bootstrapper.cc
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5299,6 +5299,11 @@ Genesis::Genesis(
52995299
if (!InstallDebuggerNatives()) return;
53005300
}
53015301

5302+
if (FLAG_disallow_code_generation_from_strings) {
5303+
native_context()->set_allow_code_gen_from_strings(
5304+
isolate->heap()->false_value());
5305+
}
5306+
53025307
ConfigureUtilsObject(context_type);
53035308

53045309
// Check that the script context table is empty except for the 'this' binding.
Collapse file

‎deps/v8/src/flag-definitions.h‎

Copy file name to clipboardExpand all lines: deps/v8/src/flag-definitions.h
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -732,6 +732,8 @@ DEFINE_BOOL(expose_trigger_failure, false, "expose trigger-failure extension")
732732
DEFINE_INT(stack_trace_limit, 10, "number of stack frames to capture")
733733
DEFINE_BOOL(builtins_in_stack_traces, false,
734734
"show built-in functions in stack traces")
735+
DEFINE_BOOL(disallow_code_generation_from_strings, false,
736+
"disallow eval and friends")
735737

736738
// builtins.cc
737739
DEFINE_BOOL(allow_unsafe_function_constructor, false,
Collapse file

‎deps/v8/test/mjsunit/disallow-codegen-from-strings.js‎

Copy file name to clipboard
+9Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
// Copyright 2017 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
// Flags: --disallow-code-generation-from-strings
6+
7+
assertThrows("1 + 1", EvalError);
8+
assertThrows(() => eval("1 + 1"), EvalError);
9+
assertThrows(() => Function("x", "return x + 1"), EvalError);

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.