IonMonkey: Bail on "eval" if eval's input contains "eval"

NEW
Unassigned

Status

()

Core
JavaScript Engine
5 years ago
4 years ago

People

(Reporter: djvj, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
IonMonkey compiles frames containing eval, but bails if the eval is reached and its input string contains "arguments" (checked via strstr), since ion doesn't support arguments objects.

However, that can happen indirectly via:

eval("eval('arg'+'uments')");

which wont trigger the strstr.  So the strstr should also check for "eval" within the eval input, and bail if it's found.  That should cover all cases.
(Assignee)

Updated

4 years ago
Assignee: general → nobody
You need to log in before you can comment on or make changes to this bug.