Browse Source

warn about eval security vulnerability

gh-669
Rich-Harris 9 years ago
parent
commit
3705b37923
  1. 3
      src/Statement.js
  2. 2
      test/function/warn-on-eval/_config.js

3
src/Statement.js

@ -47,7 +47,8 @@ export default class Statement {
enter ( node, parent, prop ) {
// warn about eval
if ( node.type === 'CallExpression' && node.callee.name === 'eval' && !scope.contains( 'eval' ) ) {
module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is discouraged, as it may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
// TODO show location
module.bundle.onwarn( `Use of \`eval\` (in ${module.id}) is strongly discouraged, as it poses security risks and may cause issues with minification. See https://github.com/rollup/rollup/wiki/Troubleshooting#avoiding-eval for more details` );
}
// skip re-export declarations

2
test/function/warn-on-eval/_config.js

@ -8,7 +8,7 @@ module.exports = {
options: {
onwarn: function ( message ) {
warned = true;
assert.ok( /Use of `eval` \(in .+?main\.js\) is discouraged, as it may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
assert.ok( /Use of `eval` \(in .+?main\.js\) is strongly discouraged, as it poses security risks and may cause issues with minification\. See https:\/\/github.com\/rollup\/rollup\/wiki\/Troubleshooting#avoiding-eval for more details/.test( message ) );
}
},
exports: function () {

Loading…
Cancel
Save