diff options
| -rw-r--r-- | common.gypi | 2 | ||||
| -rw-r--r-- | deps/v8/src/bootstrapper.cc | 5 | ||||
| -rw-r--r-- | deps/v8/src/flag-definitions.h | 2 | ||||
| -rw-r--r-- | deps/v8/test/mjsunit/disallow-codegen-from-strings.js | 9 |
4 files changed, 17 insertions, 1 deletions
diff --git a/common.gypi b/common.gypi index a3aeff7e03..b2fa7874c2 100644 --- a/common.gypi +++ b/common.gypi @@ -27,7 +27,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.4', + 'v8_embedder_string': '-node.5', # Enable disassembler for `--print-code` v8 options 'v8_enable_disassembler': 1, diff --git a/deps/v8/src/bootstrapper.cc b/deps/v8/src/bootstrapper.cc index 35e65e1053..695200172d 100644 --- a/deps/v8/src/bootstrapper.cc +++ b/deps/v8/src/bootstrapper.cc @@ -5475,6 +5475,11 @@ Genesis::Genesis( if (!InstallDebuggerNatives()) return; } + if (FLAG_disallow_code_generation_from_strings) { + native_context()->set_allow_code_gen_from_strings( + isolate->heap()->false_value()); + } + ConfigureUtilsObject(context_type); // Check that the script context table is empty except for the 'this' binding. diff --git a/deps/v8/src/flag-definitions.h b/deps/v8/src/flag-definitions.h index d81ececa2a..92635703bb 100644 --- a/deps/v8/src/flag-definitions.h +++ b/deps/v8/src/flag-definitions.h @@ -768,6 +768,8 @@ DEFINE_BOOL(builtins_in_stack_traces, false, "show built-in functions in stack traces") DEFINE_BOOL(enable_experimental_builtins, true, "enable new csa-based experimental builtins") +DEFINE_BOOL(disallow_code_generation_from_strings, false, + "disallow eval and friends") // builtins.cc DEFINE_BOOL(allow_unsafe_function_constructor, false, diff --git a/deps/v8/test/mjsunit/disallow-codegen-from-strings.js b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js new file mode 100644 index 0000000000..30d1b967d5 --- /dev/null +++ b/deps/v8/test/mjsunit/disallow-codegen-from-strings.js @@ -0,0 +1,9 @@ +// Copyright 2017 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --disallow-code-generation-from-strings + +assertThrows("1 + 1", EvalError); +assertThrows(() => eval("1 + 1"), EvalError); +assertThrows(() => Function("x", "return x + 1"), EvalError); |