#59 ✓resolved
Juriy Zaytsev

Comments and changes to this ticket

  • John-David Dalton
  • Juriy Zaytsev

    Juriy Zaytsev October 7th, 2009 @ 02:23 PM

    Yeah. Looks a little too magical to me : )

    • Need to ditch arguments.callee
    • arguments.callee.lastReturn = undefined; is redundant
    • need to break (script = document.createElement('script')).type = 'text/javascript'; apart
    • some values are returned, while others aren't (e.g. 'var x=1; x;'.eval()). Maybe we shouldn't shoot ourselves in the foot by trying to parse string and return value?
    • I see document.write, but what happens when document is served as xml?
    • document.write inserts script with id which is kind of an invalid html. Can we avoid that?
  • Diego Perini

    Diego Perini February 28th, 2010 @ 05:20 PM

    • Tag set to eval

    I did try to "eval" code in a different context, I have currently tried with a simple iframe. In the process I have learned that this is supported in most >2005 browsers and some older too.

    I believe this technique has some advantage in term of security (not the native locked sandbox we wanted but still another layer).

    Things I wanted to test with the above exercise:

    • saving the state of current context and do a difference to discover augmented namespaces/methods/globals and be able to selectively copy/export methods into the right places in the main context

    • read a JSONP response then, with the above trick, find out the method name by eval()ing it in the temp context

    • span several request/eval as possible in the iframe context using script insertion or JSONP read/eval

    is this something to consider or even interesting to have in Fuse ?

    @kangax, in an iframe,if it were necessary, we could also use document.write() since the iframe is created ad-hoc for that (non XML) and then destroyed after being used and its data consumed.

  • John-David Dalton

    John-David Dalton February 28th, 2010 @ 05:45 PM

    If the code executes in an iframe won't that defeat the purpose of a global eval because it wont be able to access the properties of the primary window without doing something like parent.blah ?

  • John-David Dalton

    John-David Dalton July 23rd, 2010 @ 01:54 PM

    • State changed from “new” to “resolved”
    • Milestone order changed from “0” to “0”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

JavaScript frameworks share similar features and functionality such as DOM manipulation, event registration, and CSS selector engines. FuseJS attempts to incorporate the strengths of these frameworks into one stable, efficient, and optimized core JavaScript framework.

Tags

Pages