8074021: Indirect eval fails when used as an element of an array or as a property of an object
Reviewed-by: attila, hannesw
parent
44cc65ae49
commit
ffd434caa1
nashorn
samples
src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects
test/script/basic
82
nashorn/samples/showenv.js
Normal file
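--- a/nashorn/samples/showenv.js
+++ b/nashorn/samples/showenv.js
@@ -0,0 +1,82 @@
+#// Usage: jjs -fx showenv.js
+
+/*
+* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* - Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* - Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* - Neither the name of Oracle nor the names of its
+* contributors may be used to endorse or promote products derived
+* from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+if (!$OPTIONS._fx) {
+print("Usage: jjs -fx showenv.js");
+exit(1);
+}
+
+// This script displays environment entries as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX classes used
+var Scene = Java.type("javafx.scene.Scene");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+start.title = "Your Environment";
+var wv = new WebView();
+var envrows = "";
+for (var i in $ENV) {
+envrows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${$ENV[i]}
+</td>
+</tr>
+TBL
+}
+
+wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your Environment
+</title>
+</head>
+<body>
+<h1>Your Environment</h1>
+<table border="1">
+${envrows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+stage.scene = new Scene(wv, 750, 500);
+stage.show();
+}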
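Review bot: The table rows interpolate `${i}` and `${$ENV[i]}` into the heredoc without HTML escaping, and the result is handed to `wv.engine.loadContent(..., "text/html")`, so any name or value containing `<`, `>` or `&` is parsed as markup by the WebView instead of being shown as text. Environment values are not under the script's control, so a sample that renders them should escape both cells through a small helper before concatenation. Since the page needs no scripting, `wv.engine.javaScriptEnabled = false;` before `loadContent` would be a cheap second layer. showsysprops.js builds its rows from `${i}` and `${sysprops[i]}` the same way and needs the same change.

```javascript
// Escape text before it is interpolated into the HTML heredoc.
function escapeHtml(s) {
    return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;")
        .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// … unchanged: start(stage) setup and the for-in loop over $ENV …
${escapeHtml(i)}
// … unchanged: cell markup between the two values …
${escapeHtml($ENV[i])}
// … unchanged: rest of the row, page heredoc and stage setup …
```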
84
nashorn/samples/showsysprops.js
Normal file
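--- a/nashorn/samples/showsysprops.js
+++ b/nashorn/samples/showsysprops.js
@@ -0,0 +1,84 @@
+#// Usage: jjs -fx showsysprops.js
+
+/*
+* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* - Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* - Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* - Neither the name of Oracle nor the names of its
+* contributors may be used to endorse or promote products derived
+* from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+if (!$OPTIONS._fx) {
+print("Usage: jjs -fx showsysprops.js");
+exit(1);
+}
+
+// This script displays System properties as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX, Java classes used
+var Scene = Java.type("javafx.scene.Scene");
+var System = Java.type("java.lang.System");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+start.title = "Your System Properties";
+var wv = new WebView();
+var sysproprows = "";
+var sysprops = System.properties;
+for (var i in sysprops) {
+sysproprows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${sysprops[i]}
+</td>
+</tr>
+TBL
+}
+
+wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your System Properties
+</title>
+</head>
+<body>
+<h1>Your System Properties</h1>
+<table border="1">
+${sysproprows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+stage.scene = new Scene(wv, 750, 500);
+stage.show();
+}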
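Review bot: The first statement of `start(stage)` assigns `start.title`, which sets a property on the function object rather than on the stage, so the window title is most likely never applied. This looks like a typo for `stage.title = "Your System Properties";`. showenv.js has the same line with `start.title = "Your Environment";` and would need the matching fix.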
@ -951,7 +951,7 @@ public final class Global extends ScriptObject implements Scope {
|
||||
return str;
|
||||
}
|
||||
final Global global = Global.instanceFrom(self);
|
||||
final ScriptObject scope = self instanceof ScriptObject ? (ScriptObject)self : global;
|
||||
final ScriptObject scope = self instanceof ScriptObject && ((ScriptObject)self).isScope() ? (ScriptObject)self : global;
|
||||
|
||||
return global.getContext().eval(scope, str.toString(), callThis, location, strict, true);
|
||||
}
|
||||
|
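Review bot: The rewritten `scope` assignment has no comment explaining why a receiver that is a `ScriptObject` but not a scope now falls back to `global`, even though this line decides which object the evaluated code resolves identifiers against. I would add above it something like `// Indirect eval via a property or array element arrives with that object as self; only a real scope object may serve as the eval scope, everything else evaluates in the global scope.` The method begins outside the hunk, so whether `callThis` is derived from the same receiver and needs a similar guard cannot be judged from the visible lines.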
41
nashorn/test/script/basic/JDK-8074021.js
Normal file
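--- a/nashorn/test/script/basic/JDK-8074021.js
+++ b/nashorn/test/script/basic/JDK-8074021.js
@@ -0,0 +1,41 @@
+/*
+* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+/**
+* JDK-8074021: Indirect eval fails when used as an element of an array or as a property of an object
+*
+* @test
+* @run
+*/
+
+var obj = { foo: eval };
+Assert.assertTrue(obj.foo("typeof(print) == 'function'"));
+Assert.assertTrue(obj.foo("RegExp instanceof Function"));
+Assert.assertEquals(obj.foo("String(new Array(2, 4, 3))"), "2,4,3");
+obj.foo("print('hello')");
+
+var args = [ eval ];
+Assert.assertTrue(args[0]("typeof(print) == 'function'"));
+Assert.assertTrue(args[0]("RegExp instanceof Function"));
+Assert.assertEquals(args[0]("String(new Array(2, 4, 3))"), "2,4,3");
+args[0]("print('hello')");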
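Review bot: None of the assertions checks that the receiver object is kept out of the eval scope; they only show that globals such as `print` and `RegExp` still resolve through `obj.foo` and `args[0]`. A case like `var o = { foo: eval, hidden: 1 };` followed by `Assert.assertTrue(o.foo("typeof hidden == 'undefined'"));` should pin that the receiver's own properties are not visible as variables, which is presumably what the `isScope()` check in Global is meant to guarantee. Without it, a later change that makes the receiver the scope again without throwing would pass this test unnoticed.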
2
nashorn/test/script/basic/JDK-8074021.js.EXPECTED
Normal file
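--- a/nashorn/test/script/basic/JDK-8074021.js.EXPECTED
+++ b/nashorn/test/script/basic/JDK-8074021.js.EXPECTED
@@ -0,0 +1,2 @@
+hello
+hello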