Issue 1785 in google-caja: Support top-level eval() in ES5 mode


googl...@googlecode.com

Jul 2, 2013, 5:33:31 PM
to google-ca...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium jQuery

New issue 1785 by ihab.a...@gmail.com: Support top-level eval() in ES5 mode
http://code.google.com/p/google-caja/issues/detail?id=1785

The following fails:

<script>eval('alert(1);');</script>
<script>window.eval('alert(1);');</script>

because 'eval' is not defined in the top scope in ES5.


--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

googl...@googlecode.com

Jul 2, 2013, 6:45:17 PM
to google-ca...@googlegroups.com

Comment #1 on issue 1785 by erights: Support top-level eval() in ES5 mode
http://code.google.com/p/google-caja/issues/detail?id=1785

See the TAME_GLOBAL_EVAL flag in startSES.js. Has the underlying Chrome/v8
debugger problem ever been reported? Is it now fixed?

googl...@googlecode.com

Jul 2, 2013, 9:25:12 PM
to google-ca...@googlegroups.com

Comment #2 on issue 1785 by ihab.a...@gmail.com: Support top-level eval()
An exit criterion for this bug is that, in some jQuery, the following:

<script>
var x = $('\u003c script \u003e alert(1); \u003c /script \u003e');
$(document.body).append(x[0]);
</script>

actually alert()-s 1. This means that jQuery's globalEval() actually works.

googl...@googlecode.com

Jul 11, 2013, 2:39:26 PM
to google-ca...@googlegroups.com
Updates:
Labels: SES

Comment #3 on issue 1785 by erights: Support top-level eval() in ES5 mode
http://code.google.com/p/google-caja/issues/detail?id=1785

(No comment was entered for this change.)

googl...@googlecode.com

Jul 16, 2013, 3:21:50 PM
to google-ca...@googlegroups.com

Comment #4 on issue 1785 by ihab.a...@gmail.com: Support top-level eval()
It turns out this is a thorny issue. If one is to throw caution to the wind
for a moment and set, in startSES.js:

var TAME_GLOBAL_EVAL = true;

then we fail to initialize ES5 on Chrome because:

Not repaired: Eval breaks masking of named functions in non-strict code

googl...@googlecode.com

Jul 16, 2013, 5:53:58 PM
to google-ca...@googlegroups.com

Comment #5 on issue 1785 by erights: Support top-level eval() in ES5 mode
http://code.google.com/p/google-caja/issues/detail?id=1785

> Eval breaks masking of named functions in non-strict code

I don't think that should stop us from setting TAME_GLOBAL_EVAL to true,
since our tamed eval only evaluates things in strict mode.

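Added illustration of the property comment #5 relies on (this is example code written for this page, not Caja's or SES's startSES.js; the names makeTamedEval and tamedEval are assumed): a global eval that only ever runs guest source in strict mode, through the indirect eval so it evaluates in global scope as jQuery's globalEval expects, and the containment checks that strictness buys.

```javascript
'use strict';

// Returns a "tamed" eval (hypothetical name): guest source is always prefixed
// with a "use strict" directive and evaluated via the indirect eval
// (0, eval)(...), i.e. in global scope, never in the caller's local scope.
function makeTamedEval() {
  const indirectEval = (0, eval);
  return function tamedEval(src) {
    if (typeof src !== 'string') { return src; } // eval() passes non-strings through
    return indirectEval('"use strict";\n' + src);
  };
}

const tamedEval = makeTamedEval();

// 1. Assigning to an undeclared name: sloppy-mode eval would silently create a
//    global; under strict mode it throws ReferenceError and nothing is created.
function implicitGlobalIsRejected() {
  try {
    tamedEval('undeclaredNameXYZ = 1;');
    return false;
  } catch (e) {
    return e instanceof ReferenceError &&
      typeof globalThis.undeclaredNameXYZ === 'undefined';
  }
}

// 2. A `var` declared in strict eval code stays in the eval's own variable
//    environment; it does not become a property of the global object.
function varDoesNotLeak() {
  tamedEval('var leakedVar = 42;');
  return typeof globalThis.leakedVar === 'undefined';
}

// 3. Evaluation happens in global scope: guest code sees deliberately exposed
//    globals but cannot see the caller's locals (unlike a direct eval would).
function evaluatesInGlobalScope() {
  const callerLocal = 'private'; // must stay invisible to the guest source
  globalThis.sharedValue = 7;    // constructed, deliberately exposed global
  const sawGlobal = tamedEval('sharedValue * 2') === 14;
  let sawLocal = false;
  try { tamedEval('callerLocal'); sawLocal = true; } catch (e) {
    sawLocal = !(e instanceof ReferenceError);
  }
  delete globalThis.sharedValue;
  return sawGlobal && !sawLocal && callerLocal === 'private';
}
```
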
googl...@googlecode.com

Feb 15, 2015, 2:55:38 PM
to google-ca...@googlegroups.com
Updates:
Owner: erights

Comment #7 on issue 1785 by eri...@google.com: Support top-level eval() in
ES5 mode
https://code.google.com/p/google-caja/issues/detail?id=1785

(No comment was entered for this change.)
