Andreas Kling 9054b1bc14 LibJS: Always taint parsing environment on call to eval() ...

We had an edge case where calls to eval() left the environment untainted
*if* `eval` had also been declared as a local variable in the same
parsing context.

This broke the expected direct eval behavior when the variable `eval`
was still pointing at the global `eval` function.

This patch fixes the issue by simply always tainting the environment
when a call to something named `eval` is encountered. It doesn't seem
worth worrying about optimizing the case where someone is calling their
own function named `eval`..

Fixes 1 test-js test in bytecode mode. :^)

2023-07-21 14:14:00 +02:00

223 KiB

Raw Blame History

View Raw