warn about eval security vulnerability

9 years ago · 3705b37923
2 changed files with 3 additions and 2 deletions
--- a/src/Statement.js
+++ b/src/Statement.js
@ -47,7 +47,8 @@ export default class Statement {
 			enter ( node, parent, prop ) {
 				// warn about eval
 				if ( node.type === 'CallExpression' && node.callee.name === 'eval' && !scope.contains( 'eval' ) ) {
-					module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is discouraged, as it may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
+					// TODO show location
 					module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is strongly discouraged, as it poses security risks and may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
 				}
 				// skip re-export declarations
--- a/test/function/warn-on-eval/_config.js
+++ b/test/function/warn-on-eval/_config.js
@ -8,7 +8,7 @@ module.exports = {
 	options: {
 		onwarn: function ( message ) {
 			warned = true;
-			assert.ok( /Use of `eval` \(in .+?main\.js\) is discouraged, as it may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
+			assert.ok( /Use of `eval` \(in .+?main\.js\) is strongly discouraged, as it poses security risks and may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
 		}
 	},
 	exports: function () {