Issue 1368 in google-caja: Support Function() constructor with string literal

4 views
Skip to first unread message

googl...@googlecode.com

unread,
Jun 20, 2011, 2:09:42 PM6/20/11
to google-ca...@googlegroups.com
Status: New
Owner: metaw...@gmail.com
Labels: Type-Defect Priority-Medium

New issue 1368 by metaw...@gmail.com: Support Function() constructor with
string literal
http://code.google.com/p/google-caja/issues/detail?id=1368

Shouldn't be any harder than event handlers. Unlike eval(), Function()
doesn't close over the surrounding scope, so it should be hoisted to the
top and given some triple-underbar name.

googl...@googlecode.com

unread,
Jun 20, 2011, 8:22:39 PM6/20/11
to google-ca...@googlegroups.com
Updates:
Labels: -Type-Defect Type-Enhancement

Comment #1 on issue 1368 by eri...@google.com: Support Function()

(No comment was entered for this change.)

googl...@googlecode.com

unread,
Feb 11, 2012, 5:54:36 PM2/11/12
to google-ca...@googlegroups.com

Comment #2 on issue 1368 by metaw...@gmail.com: Support Function()

MathJax uses this technique to avoid creating unnecessary closures.

googl...@googlecode.com

unread,
Aug 7, 2012, 3:50:51 PM8/7/12
to google-ca...@googlegroups.com

Comment #3 on issue 1368 by metaw...@gmail.com: Support Function()
If we have a string literal as the argument to Function, we can replace the
whole thing with a reference to a global function that returns a closure:

var x = 1;
function f() {
var x = 2;
return new Function("return x;");
}

becomes

function makeClosure1() {
return function () {
return x;
}
}
var x = 1;
function f() {
var x = 2;
return makeClosure1();
}

Note that f()() === 1, not 2.


googl...@googlecode.com

unread,
Aug 7, 2012, 7:18:58 PM8/7/12
to google-ca...@googlegroups.com

Comment #4 on issue 1368 by eri...@google.com: Support Function()
These are not equivalent in SES for many of the same reasons as raised in
our recent conversation about eval vs cajaVM.eval. Unlike the global "eval"
function, which can be shadowed per SES evaluation, the Function
constructor is necessarily global to a SES frame, since it can also be
reached by (function(){}).constructor. Therefore, it is analogous to
cajaVM.eval in that it cannot provide access to mutable state or authority.
In SES


var x = 1;
function f() {
var x = 2;
return new Function("return x;");
}

f();

Must fail, since the newly made function may not mention "x" and does not
have this x in its scope regardless.

googl...@googlecode.com

unread,
Aug 9, 2012, 12:30:50 PM8/9/12
to google-ca...@googlegroups.com

Comment #5 on issue 1368 by metaw...@gmail.com: Support Function()
Do you see a way to support the Function constructor in SES, even with a
statically known argument? If not, should we even bother to try supporting
it in ES5/3?

googl...@googlecode.com

unread,
Aug 9, 2012, 1:17:19 PM8/9/12
to google-ca...@googlegroups.com

Comment #6 on issue 1368 by eri...@google.com: Support Function()
We support the Function constructor, with the only caveat being that the
only free variables that may occur in the argument strings are the
whitelisted globals. So long as this restriction is enforced, your current
technique for supporting it in ES5/3 should work fine.

googl...@googlecode.com

unread,
Aug 9, 2012, 6:09:02 PM8/9/12
to google-ca...@googlegroups.com

Comment #7 on issue 1368 by metaw...@gmail.com: Support Function()
In ES53, Function("...") would have to be a special form.

var F = Function;
new F("...");

would be different from

new Function("...");

We don't have any other special forms at the moment that I can find. (I
recall that "load" used to be one, but I think that was removed at the same
time as valija.) Does our aversion to special forms outweigh our desire to
support MathJax and other such libraries?

googl...@googlecode.com

unread,
Aug 9, 2012, 10:49:36 PM8/9/12
to google-ca...@googlegroups.com

Comment #8 on issue 1368 by eri...@google.com: Support Function()
> Does our aversion to special forms outweigh our desire to support MathJax
> and other such libraries?

Which of these would be satisfied with a confining Function special form?
Of those, how much do we care?

By "confining" here I mean the restriction mentioned in comment 6: "the

googl...@googlecode.com

unread,
May 1, 2013, 1:40:35 AM5/1/13
to google-ca...@googlegroups.com
Updates:
Status: Fixed

Comment #9 on issue 1368 by ihab.a...@gmail.com: Support Function()
Supported in ES5. No longer a factor.

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Reply all
Reply to author
Forward
0 new messages