indirect eval spec too severe?

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Tue Jan 20 00:13:04 PST 2009


Mark S. Miller wrote:
>   function foo(str1, str2) {
>     eval(str1);
>     eval(str2);
>   }
> 
> Since foo may be called as foo('var eval = f', ..), the second eval may
> refer to a local or to a global eval. These ambiguities defeat the goal of
> distinguishing direct from indirect calls. Though the above specific problem
> cannot occur if foo is strict, I propose that, for all code, one may not
> define a local variable named "eval".

Note that even with that restriction, it is possible to introduce
variables named 'eval' using 'with' (including in a strict function, if the
'with' construct was in a non-strict function).

Additional restrictions on eval may well be useful, but we need to make
sure that we're actually achieving the desired language properties.

-- 
David-Sarah Hopwood ⚥



More information about the Es-discuss mailing list