
Side by Side Diff: src/builtins/builtins-global.cc

Issue 2199343002: Do an access check before compiling code via eval() (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: updates Created 4 years, 4 months ago
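--- a/src/builtins/builtins-global.cc
+++ b/src/builtins/builtins-global.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/builtins/builtins.h"
 #include "src/builtins/builtins-utils.h"
 
 #include "src/compiler.h"
 #include "src/uri.h"
 
@@ -78,22 +78,26 @@
 RETURN_RESULT_OR_FAILURE(isolate, Uri::Unescape(isolate, string));
 }
 
 // ES6 section 18.2.1 eval (x)
 BUILTIN(GlobalEval) {
 HandleScope scope(isolate);
 Handle<Object> x = args.atOrUndefined(isolate, 1);
 Handle<JSFunction> target = args.target<JSFunction>();
 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
 if (!x->IsString()) return *x;
+if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
+isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
+return isolate->heap()->undefined_value();
+}
 Handle<JSFunction> function;
 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
 isolate, function, Compiler::GetFunctionFromString(
 handle(target->native_context(), isolate),
 Handle<String>::cast(x), NO_PARSE_RESTRICTION));
 RETURN_RESULT_OR_FAILURE(
 isolate,
 Execution::Call(isolate, function, target_global_proxy, 0, nullptr));
 }
 
 } // namespace internal
 } // namespace v8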
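Review bot: The denied branch added to `GlobalEval` counts `v8::Isolate::kFunctionConstructorReturnedUndefined`, a counter named for the Function constructor, so usage data cannot separate a blocked `eval()` from a blocked Function-constructor call. Either use a counter specific to eval or add a comment stating that the sharing is deliberate. The branch also has no comment explaining the security intent; a line such as `// Access check failed: refuse to compile the string in target's context and return undefined.` above the `if` would make clear that the silent `undefined` result is a policy decision and not a fall-through. It would also help to note that the check sits after the `IsString()` early return on purpose, since a non-string argument is returned as-is and never reaches `Compiler::GetFunctionFromString`. Only this builtin entry point is visible here, so whether every other path that compiles an eval string performs the same check should be confirmed against the rest of the patch set.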