nodejs
diff --git a/Collapse file
‎doc/api/cli.md‎
Copy file name to clipboardExpand all lines: doc/api/cli.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff b/Collapse file
‎doc/api/cli.md‎
Copy file name to clipboardExpand all lines: doc/api/cli.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
diff --git a/Collapse file
‎doc/node.1‎
Copy file name to clipboardExpand all lines: doc/node.1
+5Lines changed: 5 additions & 0 deletions b/Collapse file
‎doc/node.1‎
Copy file name to clipboardExpand all lines: doc/node.1
+5Lines changed: 5 additions & 0 deletions
diff --git a/Collapse file
‎src/node_options.cc‎
Copy file name to clipboardExpand all lines: src/node_options.cc
+4Lines changed: 4 additions & 0 deletions b/Collapse file
‎src/node_options.cc‎
Copy file name to clipboardExpand all lines: src/node_options.cc
+4Lines changed: 4 additions & 0 deletions
diff --git a/Collapse file
‎test/parallel/test-cli-node-options.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-cli-node-options.js
+1Lines changed: 1 addition & 0 deletions b/Collapse file
‎test/parallel/test-cli-node-options.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-cli-node-options.js
+1Lines changed: 1 addition & 0 deletions
@@ -127,6 +127,15 @@ added: v12.0.0
 
 Specify the file name of the CPU profile generated by `--cpu-prof`.
 
+### `--disallow-code-generation-from-strings`
+<!-- YAML
+added: v9.8.0
+-->
+
+Make built-in language features like `eval` and `new Function` that generate
+code from strings throw an exception instead. This does not affect the Node.js
+`vm` module.
+
 ### `--enable-fips`
 <!-- YAML
 added: v6.0.0
@@ -1134,6 +1143,7 @@ Node.js options that are allowed are:
 V8 options that are allowed are:
 <!-- node-options-v8 start -->
 * `--abort-on-uncaught-exception`
+* `--disallow-code-generation-from-strings`
 * `--interpreted-frames-native-stack`
 * `--max-old-space-size`
 * `--perf-basic-prof-only-functions`
 
@@ -100,6 +100,11 @@ The default is
 File name of the V8 CPU profile generated with
 .Fl -cpu-prof
 .
+.It Fl -disallow-code-generation-from-strings
+Make built-in language features like `eval` and `new Function` that generate
+code from strings throw an exception instead. This does not affect the Node.js
+`vm` module.
+.
 .It Fl -enable-fips
 Enable FIPS-compliant crypto at startup.
 Requires Node.js to be built with
 
@@ -611,6 +611,10 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
             V8Option{},
             kAllowedInEnvironment);
   AddOption("--stack-trace-limit", "", V8Option{}, kAllowedInEnvironment);
+  AddOption("--disallow-code-generation-from-strings",
+            "disallow eval and friends",
+            V8Option{},
+            kAllowedInEnvironment);
 
 #ifdef NODE_REPORT
   AddOption("--report-uncaught-exception",
 
@@ -60,6 +60,7 @@ if (common.hasCrypto) {
 
 // V8 options
 expect('--abort_on-uncaught_exception', 'B\n');
+expect('--disallow-code-generation-from-strings', 'B\n');
 expect('--max-old-space-size=0', 'B\n');
 expect('--stack-trace-limit=100',
        /(\s*at f \(\[eval\]:1:\d*\)\r?\n){100}/,