From e942bb98325d0a4fdb79cdc75782f065c0289d70 Mon Sep 17 00:00:00 2001 From: Yuchen Pei Date: Sun, 10 Sep 2023 12:02:37 +1000 Subject: Fixing bypassing Function("..."). It is similar to eval(). See, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function As a prior art, another extension did the blank ban of Function(): https://addons.mozilla.org/en-US/firefox/addon/noeval-disable-eval/ So let's ban it as well. Bug reported at https://lists.gnu.org/archive/html/bug-librejs/2023-09/msg00000.html --- common/fname_data.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'common') diff --git a/common/fname_data.json b/common/fname_data.json index 5606007..38652d6 100644 --- a/common/fname_data.json +++ b/common/fname_data.json @@ -714,7 +714,7 @@ "RadioNodeList": true, "KeyframeEffectReadOnly": true, "InstallTrigger": true, - "Function": false, + "Function": true, "Object": false, "eval": true, "Window": false, -- cgit v1.2.3