evalcx shouldn't be too fancy

After getting some feedback from Mikeal Rogers and Tim Smart, it was decided
that evalcx should not try to do any fancy security stuff, and instead leave
that in the hands of the user. To comply more with spidermonkey, everything
is passed in, and objects are passed in by reference rather than being
cloned.

diff --git a/src/node.cc b/src/node.cc
index 78b0def..79f1405 100644 (file)
--- a/src/node.cc
+++ b/src/node.cc
@@ -872,10 +872,6 @@ Handle<Value> EvalCX(const Arguments& args) {
   for (i = 0; i < keys->Length(); i++) {
     Handle<String> key = keys->Get(Integer::New(i))->ToString();
     Handle<Value> value = sandbox->Get(key);
-    if (value->IsFunction()) continue;
-    if (value->IsObject()) {
-      value = value->ToObject()->Clone();
-    }
     context->Global()->Set(key, value);
   }
 
@@ -897,10 +893,6 @@ Handle<Value> EvalCX(const Arguments& args) {
       for (i = 0; i < keys->Length(); i++) {
         Handle<String> key = keys->Get(Integer::New(i))->ToString();
         Handle<Value> value = context->Global()->Get(key);
-        if (value->IsFunction()) continue;
-        if (value->IsObject()) {
-          value = value->ToObject()->Clone();
-        }
         sandbox->Set(key, value);
       }
     }

diff --git a/test/simple/test-eval-cx.js b/test/simple/test-eval-cx.js
index 49b8ca1..964512f 100644 (file)
--- a/test/simple/test-eval-cx.js
+++ b/test/simple/test-eval-cx.js
@@ -14,19 +14,24 @@ process.evalcx('hello = 2');
 assert.equal(5, hello);
 
 
+debug("pass values in and out");
 code = "foo = 1;"
      + "bar = 2;"
-     + "if (baz !== 3) throw new Error('test fail');"
-     + "quux.pwned = true;";
-
+     + "if (baz !== 3) throw new Error('test fail');";
 foo = 2;
-var quux = { pwned : false };
-obj = { foo : 0, baz : 3, quux : quux };
+obj = { foo : 0, baz : 3 };
 var baz = process.evalcx(code, obj);
 assert.equal(1, obj.foo);
 assert.equal(2, obj.bar);
-assert.equal(obj.quux.pwned, true);
-assert.equal(quux.pwned, false);
-assert.notEqual(quux, obj.quux);
-
 assert.equal(2, foo);
+
+debug("call a function by reference");
+function changeFoo () { foo = 100 }
+process.evalcx("f()", { f : changeFoo });
+assert.equal(foo, 100);
+
+debug("modify an object by reference");
+var f = { a : 1 };
+process.evalcx("f.a = 2", { f : f });
+assert.equal(f.a, 2);
+