#59 Implement global eval - FuseJS - Core

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#59 ✓resolved

Implement global eval

Reported by Juriy Zaytsev | September 30th, 2009 @ 10:35 AM

C.f.: https://prototype.lighthouseapp.com/projects/8886/tickets/433-provide-an-eval-that-works-in-global-scope

Comments and changes to this ticket

John-David Dalton October 7th, 2009 @ 01:56 PM
Possible patch from August 08 (it needs revision :D) https://gist.github.com/024e53e62714b9d1219f
You flagged this item as spam.
Juriy Zaytsev October 7th, 2009 @ 02:23 PM
Yeah. Looks a little too magical to me : )
- Need to ditch arguments.callee
- arguments.callee.lastReturn = undefined; is redundant
- need to break (script = document.createElement('script')).type = 'text/javascript'; apart
- some values are returned, while others aren't (e.g. 'var x=1; x;'.eval()). Maybe we shouldn't shoot ourselves in the foot by trying to parse string and return value?
- I see document.write, but what happens when document is served as xml?
- document.write inserts script with id which is kind of an invalid html. Can we avoid that?
You flagged this item as spam.
Diego Perini February 28th, 2010 @ 05:20 PM
- Tag set to “eval”
I did try to "eval" code in a different context, I have currently tried with a simple iframe. In the process I have learned that this is supported in most >2005 browsers and some older too.

I believe this technique has some advantage in term of security (not the native locked sandbox we wanted but still another layer).

Things I wanted to test with the above exercise:
- saving the state of current context and do a difference to discover augmented namespaces/methods/globals and be able to selectively copy/export methods into the right places in the main context
- read a JSONP response then, with the above trick, find out the method name by eval()ing it in the temp context
- span several request/eval as possible in the iframe context using script insertion or JSONP read/eval
is this something to consider or even interesting to have in Fuse ?

@kangax, in an iframe,if it were necessary, we could also use document.write() since the iframe is created ad-hoc for that (non XML) and then destroyed after being used and its data consumed.
John-David Dalton February 28th, 2010 @ 05:45 PM
If the code executes in an iframe won't that defeat the purpose of a global eval because it wont be able to access the properties of the primary window without doing something like parent.blah ?
John-David Dalton July 23rd, 2010 @ 01:54 PM
- State changed from “new” to “resolved”
- Milestone order changed from “0” to “0”
Resolved by http://github.com/jdalton/fusejs/commit/aa958b51260309e7a15f4bd4c7bff4b86c70bb22

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

JavaScript frameworks share similar features and functionality such as DOM manipulation, event registration, and CSS selector engines. FuseJS attempts to incorporate the strengths of these frameworks into one stable, efficient, and optimized core JavaScript framework.