diff options
author | Yuchen Pei <id@ypei.org> | 2023-09-10 12:02:37 +1000 |
---|---|---|
committer | Yuchen Pei <id@ypei.org> | 2023-09-17 17:46:08 +1000 |
commit | 0e9dc99f56da9f5acdf50382ae6df28218ca512d (patch) | |
tree | bd52dd5b1499a4d9c7d24b5fdefc16d10bb33135 /NEWS | |
parent | 46ecac9ab60b32ccc7b40a668938c84117de1b4d (diff) |
Fixing bypassing Function("...").
It is similar to eval(). See,
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function
As a prior art, another extension did the blank ban of Function():
https://addons.mozilla.org/en-US/firefox/addon/noeval-disable-eval/
So let's ban it as well.
Bug reported at
https://lists.gnu.org/archive/html/bug-librejs/2023-09/msg00000.html
Diffstat (limited to 'NEWS')
0 files changed, 0 insertions, 0 deletions