[Pkg-javascript-commits] [dojo] 109/149: fixes #15950, wrap eval code in csp-restrictions has test

David Prévot taffit at moszumanska.debian.org
Sat Feb 27 03:13:53 UTC 2016 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository dojo.

commit de4325f615f3276a01dbe8a93fbf8f6f95ce2176
Author: dylans <dylan at dojotoolkit.org>
Date:   Sat Dec 26 06:54:10 2015 -0700

    fixes #15950, wrap eval code in csp-restrictions has test
---
 _base/declare.js | 8 +++++++-
 _base/kernel.js  | 5 +++--
 dojo.js          | 4 +++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/_base/declare.js b/_base/declare.js
index 08fd137..063db5f 100644
--- a/_base/declare.js
+++ b/_base/declare.js
@@ -3,7 +3,13 @@ define(["./kernel", "../has", "./lang"], function(dojo, has, lang){
 	//		dojo/_base/declare
 
 	var mix = lang.mixin, op = Object.prototype, opts = op.toString,
-		xtor = new Function, counter = 0, cname = "constructor";
+		xtor, counter = 0, cname = "constructor";
+
+	if(!has("csp-restrictions")){
+		xtor = new Function;
+	}else{
+		xtor = function(){};
+	}
 
 	function err(msg, cls){ throw new Error("declare" + (cls ? " " + cls : "") + ": " + msg); }
 
diff --git a/_base/kernel.js b/_base/kernel.js
index 74b49bf..6a8b4a3 100644
--- a/_base/kernel.js
+++ b/_base/kernel.js
@@ -107,8 +107,9 @@ define(["../has", "./config", "require", "module"], function(has, config, requir
 	// is migrated. Absent specific advice otherwise, set extend-dojo to truthy.
 	has.add("extend-dojo", 1);
 
-
-	(Function("d", "d.eval = function(){return d.global.eval ? d.global.eval(arguments[0]) : eval(arguments[0]);}"))(dojo);
+	if(!has("csp-restrictions")){
+		(Function("d", "d.eval = function(){return d.global.eval ? d.global.eval(arguments[0]) : eval(arguments[0]);}"))(dojo);
+	}
 	/*=====
 	dojo.eval = function(scriptText){
 		// summary:
diff --git a/dojo.js b/dojo.js
index fc9bf5d..58435d8 100644
--- a/dojo.js
+++ b/dojo.js
@@ -340,7 +340,9 @@
 	//
 	// loader eval
 	//
-	var eval_ =
+	var eval_ =  has("csp-restrictions") ?
+		// noop eval if there are csp restrictions
+		function(){} :
 		// use the function constructor so our eval is scoped close to (but not in) in the global space with minimal pollution
 		new Function('return eval(arguments[0]);');
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/dojo.git

More information about the Pkg-javascript-commits mailing list