From 31ed37fdf0a3f650bbd8c4a6c211fa6b78652ae8 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Tue, 16 Mar 2010 18:36:42 -0700
Subject: [PATCH] evalcx shouldn't be too fancy

After getting some feedback from Mikeal Rogers and Tim Smart, it was decided
that evalcx should not try to do any fancy security stuff, and instead leave
that in the hands of the user. To comply more with spidermonkey, everything
is passed in, and objects are passed in by reference rather than being
cloned.
---
 src/node.cc                 |  8 --------
 test/simple/test-eval-cx.js | 23 ++++++++++++++---------
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/src/node.cc b/src/node.cc
index 78b0def..79f1405 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -872,10 +872,6 @@ Handle<Value> EvalCX(const Arguments& args) {
   for (i = 0; i < keys->Length(); i++) {
     Handle<String> key = keys->Get(Integer::New(i))->ToString();
     Handle<Value> value = sandbox->Get(key);
-    if (value->IsFunction()) continue;
-    if (value->IsObject()) {
-      value = value->ToObject()->Clone();
-    }
     context->Global()->Set(key, value);
   }
 
@@ -897,10 +893,6 @@ Handle<Value> EvalCX(const Arguments& args) {
       for (i = 0; i < keys->Length(); i++) {
         Handle<String> key = keys->Get(Integer::New(i))->ToString();
         Handle<Value> value = context->Global()->Get(key);
-        if (value->IsFunction()) continue;
-        if (value->IsObject()) {
-          value = value->ToObject()->Clone();
-        }
         sandbox->Set(key, value);
       }
     }
diff --git a/test/simple/test-eval-cx.js b/test/simple/test-eval-cx.js
index 49b8ca1..964512f 100644
--- a/test/simple/test-eval-cx.js
+++ b/test/simple/test-eval-cx.js
@@ -14,19 +14,24 @@ process.evalcx('hello = 2');
 assert.equal(5, hello);
 
 
+debug("pass values in and out");
 code = "foo = 1;"
      + "bar = 2;"
-     + "if (baz !== 3) throw new Error('test fail');"
-     + "quux.pwned = true;";
-
+     + "if (baz !== 3) throw new Error('test fail');";
 foo = 2;
-var quux = { pwned : false };
-obj = { foo : 0, baz : 3, quux : quux };
+obj = { foo : 0, baz : 3 };
 var baz = process.evalcx(code, obj);
 assert.equal(1, obj.foo);
 assert.equal(2, obj.bar);
-assert.equal(obj.quux.pwned, true);
-assert.equal(quux.pwned, false);
-assert.notEqual(quux, obj.quux);
-
 assert.equal(2, foo);
+
+debug("call a function by reference");
+function changeFoo () { foo = 100 }
+process.evalcx("f()", { f : changeFoo });
+assert.equal(foo, 100);
+
+debug("modify an object by reference");
+var f = { a : 1 };
+process.evalcx("f.a = 2", { f : f });
+assert.equal(f.a, 2);
+
-- 
2.7.4