QuickJS: disabling eval() and Function() in qjs_new_context().

This properly disables eval() after previous attempt in c773ebcaad
(0.8.5).  In QuickJS buint-in C level eval API, which is used by njs, is
linked to eval() in JS code. To disable only the JS function
manual modification of global object is required.

diff --git a/external/njs_shell.c b/external/njs_shell.c
index 806936343bf5c8c1f15a17173aaac5e643707c90..30d4d8c6051f4e0378100892dd85ecb3ebfeda6f 100644 (file)
--- a/external/njs_shell.c
+++ b/external/njs_shell.c
@@ -2731,7 +2731,7 @@ njs_engine_qjs_init(njs_engine_t *engine, njs_opts_t *opts)
         return NJS_ERROR;
     }
 
-    engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt, NULL, 1);
+    engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt, NULL);
     if (engine->u.qjs.ctx == NULL) {
         njs_stderror("JS_NewContext() failed\n");
         return NJS_ERROR;

diff --git a/src/qjs.c b/src/qjs.c
index 71aeab64cc7a91f0cadd86709c0043abad38fa6f..e765356905ad768473bd3eccb98a24910037170d 100644 (file)
--- a/src/qjs.c
+++ b/src/qjs.c
@@ -17,8 +17,10 @@ static const JSCFunctionListEntry qjs_global_proto[] = {
 
 
 JSContext *
-qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
+qjs_new_context(JSRuntime *rt, qjs_module_t **addons)
 {
+    int           ret;
+    JSAtom        prop;
     JSValue       global_obj;
     JSContext     *ctx;
     qjs_module_t  **module;
@@ -37,10 +39,7 @@ qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
     JS_AddIntrinsicTypedArrays(ctx);
     JS_AddIntrinsicPromise(ctx);
     JS_AddIntrinsicBigInt(ctx);
-
-    if (eval) {
-        JS_AddIntrinsicEval(ctx);
-    }
+    JS_AddIntrinsicEval(ctx);
 
     for (module = qjs_modules; *module != NULL; module++) {
         if ((*module)->init(ctx, (*module)->name) == NULL) {
@@ -61,6 +60,28 @@ qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
     JS_SetPropertyFunctionList(ctx, global_obj, qjs_global_proto,
                                njs_nitems(qjs_global_proto));
 
+    prop = JS_NewAtom(ctx, "eval");
+    if (prop == JS_ATOM_NULL) {
+        return NULL;
+    }
+
+    ret = JS_DeleteProperty(ctx, global_obj, prop, 0);
+    JS_FreeAtom(ctx, prop);
+    if (ret < 0) {
+        return NULL;
+    }
+
+    prop = JS_NewAtom(ctx, "Function");
+    if (prop == JS_ATOM_NULL) {
+        return NULL;
+    }
+
+    ret = JS_DeleteProperty(ctx, global_obj, prop, 0);
+    JS_FreeAtom(ctx, prop);
+    if (ret < 0) {
+        return NULL;
+    }
+
     JS_FreeValue(ctx, global_obj);
 
     return ctx;

diff --git a/src/qjs.h b/src/qjs.h
index 516fea9691a6abef6f396e88d6ca300704c8d564..dff5919b97254a28a19446fbc1586a942f586921 100644 (file)
--- a/src/qjs.h
+++ b/src/qjs.h
@@ -41,7 +41,7 @@ typedef struct {
 } qjs_module_t;
 
 
-JSContext *qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval);
+JSContext *qjs_new_context(JSRuntime *rt, qjs_module_t **addons);
 
 
 JSValue qjs_buffer_alloc(JSContext *ctx, size_t size);