[Webkit-unassigned] [Bug 60800] InjectedScriptSource.js - "Don't be eval()."
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 13 14:28:56 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=60800
--- Comment #4 from Pavel Feldman <pfeldman at chromium.org> 2011-05-13 14:28:56 PST ---
(In reply to comment #3)
> Can we give InjectedScriptHost its own JSON object from a fresh v8::Context? CSP just disables eval on a per-context basis.
We can do that if it does not turn into some kind of context nightmare as the one we had with the utility context. There are two use cases for eval usage in injected script:
1) JSON parsing. We can work around it by means of native JSON parsing that we use for the inspector protocol. It is just that we were lazy and used eval
2) window.eval for console expression evaluation. I am not quite sure what you are suggesting to do with this one.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list