File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ 'use strict' ;
2+
3+ const common = require ( '../common' ) ;
4+ const assert = require ( 'assert' ) ;
5+ const { spawnSync } = require ( 'child_process' ) ;
6+
7+ const message = / C o d e g e n e r a t i o n f r o m s t r i n g s d i s a l l o w e d f o r t h i s c o n t e x t / ;
8+
9+ // Check default behavior (blocked)
10+ // We test this in a subprocess to ensure a clean state
11+ const blockedChild = spawnSync ( process . execPath , [
12+ '-e' ,
13+ 'eval("1")'
14+ ] ) ;
15+ assert . notStrictEqual ( blockedChild . status , 0 ) ;
16+ assert . match ( blockedChild . stderr . toString ( ) , message ) ;
17+
18+ // Check --enable-eval behavior (allowed)
19+ const allowedChild = spawnSync ( process . execPath , [
20+ '--enable-eval' ,
21+ '-e' ,
22+ 'console.log(eval("1 + 1")); console.log(new Function("return 2")())'
23+ ] ) ;
24+ assert . strictEqual ( allowedChild . status , 0 ) ;
25+ assert . strictEqual ( allowedChild . stdout . toString ( ) . trim ( ) , '2\n2' ) ;
26+
27+ // Check behavior within the current process (should be blocked by default)
28+ assert . throws ( ( ) => eval ( '1' ) , {
29+ name : 'EvalError' ,
30+ message : message
31+ } ) ;
32+
33+ assert . throws ( ( ) => new Function ( 'return 1' ) , {
34+ name : 'EvalError' ,
35+ message : message
36+ } ) ;
37+
38+ console . log ( 'All tests passed' ) ;
You can’t perform that action at this time.
0 commit comments