
Implement global eval
Reported by Juriy Zaytsev | September 30th, 2009 @ 10:35 AM
Comments and changes to this ticket
-
John-David Dalton October 7th, 2009 @ 01:56 PM
Possible patch from August 08 (it needs revision :D) https://gist.github.com/024e53e62714b9d1219f
-
Juriy Zaytsev October 7th, 2009 @ 02:23 PM
Yeah. Looks a little too magical to me : )
- Need to ditch
arguments.callee
arguments.callee.lastReturn = undefined;
is redundant- need to break
(script = document.createElement('script')).type = 'text/javascript';
apart - some values are returned, while others aren't (e.g. 'var x=1; x;'.eval()). Maybe we shouldn't shoot ourselves in the foot by trying to parse string and return value?
- I see
document.write
, but what happens when document is served as xml? document.write
inserts script withid
which is kind of an invalid html. Can we avoid that?
- Need to ditch
-
Diego Perini February 28th, 2010 @ 05:20 PM
- Tag set to eval
I did try to "eval" code in a different context, I have currently tried with a simple iframe. In the process I have learned that this is supported in most >2005 browsers and some older too.
I believe this technique has some advantage in term of security (not the native locked sandbox we wanted but still another layer).
Things I wanted to test with the above exercise:
-
saving the state of current context and do a difference to discover augmented namespaces/methods/globals and be able to selectively copy/export methods into the right places in the main context
-
read a JSONP response then, with the above trick, find out the method name by eval()ing it in the temp context
-
span several request/eval as possible in the iframe context using script insertion or JSONP read/eval
is this something to consider or even interesting to have in Fuse ?
@kangax, in an iframe,if it were necessary, we could also use document.write() since the iframe is created ad-hoc for that (non XML) and then destroyed after being used and its data consumed.
-
John-David Dalton February 28th, 2010 @ 05:45 PM
If the code executes in an iframe won't that defeat the purpose of a global eval because it wont be able to access the properties of the primary window without doing something like
parent.blah
? -
John-David Dalton July 23rd, 2010 @ 01:54 PM
- State changed from new to resolved
- Milestone order changed from 0 to 0
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
JavaScript frameworks share similar features and functionality such as DOM manipulation, event registration, and CSS selector engines. FuseJS attempts to incorporate the strengths of these frameworks into one stable, efficient, and optimized core JavaScript framework.