Restrict application of eval so it can only be used in the context of the global...

Review URL: http://codereview.chromium.org/10748

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@757 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/v8natives.js b/src/v8natives.js
index 094d5ea..79518f7 100644 (file)
--- a/src/v8natives.js
+++ b/src/v8natives.js
@@ -105,6 +105,11 @@ function GlobalParseFloat(string) {
 function GlobalEval(x) {
   if (!IS_STRING(x)) return x;
 
+  if (this !== %GlobalReceiver(global)) {
+    throw $EvalError('The "this" object passed to eval ' + 
+                     'must be the global object from which eval originated');
+  }
+  
   var f = %CompileString(x, 0, true);
   if (!IS_FUNCTION(f)) return f;
 

diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 0e8a508..f3b018d 100644 (file)
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -4078,6 +4078,14 @@ THREADED_TEST(CrossEval) {
                                       "with({x:2}){other.eval('x+y')}"));
   result = script->Run();
   CHECK_EQ(3, result->Int32Value());
+
+  // Check that you cannot use 'eval.call' with another object than the
+  // current global object.
+  v8::TryCatch try_catch;
+  script =
+      Script::Compile(v8_str("other.y = 1; eval.call(other, 'y')"));
+  result = script->Run();
+  CHECK(try_catch.HasCaught());
 }