Welcome! Log In Create A New Profile

Advanced

[njs] QuickJS: disabling eval() and string normalize.

Anonymous User
July 01, 2024 10:36PM
details: https://github.com/nginx/njs/commit/c773ebcaad703e704220d7f8f9fc40c78f50d779
branches: master
commit: c773ebcaad703e704220d7f8f9fc40c78f50d779
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Fri, 21 Jun 2024 00:06:46 -0700
description:
QuickJS: disabling eval() and string normalize.


---
external/njs_shell.c | 2 +-
src/qjs.c | 18 ++++++++++++++++--
src/qjs.h | 2 +-
3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/external/njs_shell.c b/external/njs_shell.c
index e00f2529..672215c1 100644
--- a/external/njs_shell.c
+++ b/external/njs_shell.c
@@ -2811,7 +2811,7 @@ njs_engine_qjs_init(njs_engine_t *engine, njs_opts_t *opts)
return NJS_ERROR;
}

- engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt);
+ engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt, 1);
if (engine->u.qjs.ctx == NULL) {
njs_stderror("JS_NewContext() failed\n");
return NJS_ERROR;
diff --git a/src/qjs.c b/src/qjs.c
index 83b43ad7..0a31b748 100644
--- a/src/qjs.c
+++ b/src/qjs.c
@@ -8,16 +8,30 @@


JSContext *
-qjs_new_context(JSRuntime *rt)
+qjs_new_context(JSRuntime *rt, _Bool eval)
{
JSContext *ctx;
qjs_module_t **module;

- ctx = JS_NewContext(rt);
+ ctx = JS_NewContextRaw(rt);
if (ctx == NULL) {
return NULL;
}

+ JS_AddIntrinsicBaseObjects(ctx);
+ JS_AddIntrinsicDate(ctx);
+ JS_AddIntrinsicRegExp(ctx);
+ JS_AddIntrinsicJSON(ctx);
+ JS_AddIntrinsicProxy(ctx);
+ JS_AddIntrinsicMapSet(ctx);
+ JS_AddIntrinsicTypedArrays(ctx);
+ JS_AddIntrinsicPromise(ctx);
+ JS_AddIntrinsicBigInt(ctx);
+
+ if (eval) {
+ JS_AddIntrinsicEval(ctx);
+ }
+
for (module = qjs_modules; *module != NULL; module++) {
if ((*module)->init(ctx, (*module)->name) == NULL) {
return NULL;
diff --git a/src/qjs.h b/src/qjs.h
index 2307d4d9..71e23d78 100644
--- a/src/qjs.h
+++ b/src/qjs.h
@@ -39,7 +39,7 @@ typedef struct {
} qjs_module_t;


-JSContext *qjs_new_context(JSRuntime *rt);
+JSContext *qjs_new_context(JSRuntime *rt, _Bool eval);


JSValue qjs_buffer_alloc(JSContext *ctx, size_t size);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[njs] QuickJS: disabling eval() and string normalize.

Anonymous User 166 July 01, 2024 10:36PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 361
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready