From 3705b3792363e6a3b6e721bff761eaf732868cbe Mon Sep 17 00:00:00 2001
From: Rich-Harris
Date: Sat, 4 Jun 2016 23:39:19 -0400
Subject: [PATCH] warn about eval security vulnerability
---
 src/Statement.js | 3 ++-
 test/function/warn-on-eval/_config.js | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Statement.js b/src/Statement.js
index 2aad733..3c00c36 100644
--- a/src/Statement.js
+++ b/src/Statement.js
@@ -47,7 +47,8 @@ export default class Statement {
 enter ( node, parent, prop ) {
 // warn about eval
 if ( node.type === 'CallExpression' && node.callee.name === 'eval' && !scope.contains( 'eval' ) ) {
- module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is discouraged, as it may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
+ // TODO show location
+ module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is strongly discouraged, as it poses security risks and may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
 }
 
 // skip re-export declarations
diff --git a/test/function/warn-on-eval/_config.js b/test/function/warn-on-eval/_config.js
index 62a3ee4..169171c 100644
--- a/test/function/warn-on-eval/_config.js
+++ b/test/function/warn-on-eval/_config.js
@@ -8,7 +8,7 @@ module.exports = {
 options: {
 onwarn: function ( message ) {
 warned = true;
- assert.ok( /Use of `eval` \(in .+?main\.js\) is discouraged, as it may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
+ assert.ok( /Use of `eval` \(in .+?main\.js\) is strongly discouraged, as it poses security risks and may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
 }
 },
 exports: function () {
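Review bot: The reworded message in src/Statement.js now presents this check as a security signal, but the unchanged condition above it only fires for a call whose callee is the bare identifier `eval` (`node.callee.name === 'eval'`), so a build that prints no warning is not evidence that a module avoids dynamic code evaluation. A call whose callee is a member expression has no `name`, and `new Function` is not a `CallExpression`, so as far as this hunk shows both pass silently. I would record that limit next to the new TODO, e.g. `// NOTE: only direct eval( … ) calls are detected; indirect eval and new Function are not`. Until the TODO is resolved the message carries only `module.id`, so whoever triages the warning has to search the module for the call. The `enter` visitor starts and ends outside this hunk.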
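Review bot: In the updated pattern in test/function/warn-on-eval/_config.js the dot in `github.com` is left unescaped (`https:\/\/github.com\/rollup`) while the dot after `minification` is escaped, so the host part matches any character in that position; `github\.com` would pin the literal URL the warning is meant to point at. The pattern is also unanchored, so text added before or after the message would still pass; wrapping it in `^` and `$` would make the test fail when the wording drifts. The config object continues outside the hunk.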