Fri, 27 Feb 2015 19:16:29 +0530
8074021: Indirect eval fails when used as an element of an array or as a property of an object
Reviewed-by: attila, hannesw
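--- /dev/null
+++ b/samples/showenv.js
@@ -0,0 +1,82 @@
+#// Usage: jjs -fx showenv.js
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Oracle nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+if (!$OPTIONS._fx) {
+ print("Usage: jjs -fx showenv.js");
+ exit(1);
+}
+
+// This script displays environment entries as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX classes used
+var Scene = Java.type("javafx.scene.Scene");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+ start.title = "Your Environment";
+ var wv = new WebView();
+ var envrows = "";
+ for (var i in $ENV) {
+ envrows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${$ENV[i]}
+</td>
+</tr>
+TBL
+ }
+
+ wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your Environment
+</title>
+</head>
+<body>
+<h1>Your Environment</h1>
+<table border="1">
+${envrows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+ stage.scene = new Scene(wv, 750, 500);
+ stage.show();
+}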
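Review bot: The two interpolations in the `TBL` heredoc inside `start` (`${i}` and `${$ENV[i]}`) are placed into the HTML handed to `wv.engine.loadContent` without escaping, so an environment entry containing `<` or `&` is parsed by the WebView as markup instead of being shown as text. A small helper such as `function esc(s) { return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;"); }`, used as `${esc(i)}` and `${esc($ENV[i])}`, would keep the table literal. Since the page needs no script, setting `wv.engine.javaScriptEnabled = false` before loading would be a reasonable second guard. The same applies to `${i}` and `${sysprops[i]}` in samples/showsysprops.js.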
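--- /dev/null
+++ b/samples/showsysprops.js
@@ -0,0 +1,84 @@
+#// Usage: jjs -fx showsysprops.js
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Oracle nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+if (!$OPTIONS._fx) {
+ print("Usage: jjs -fx showsysprops.js");
+ exit(1);
+}
+
+// This script displays System properties as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX, Java classes used
+var Scene = Java.type("javafx.scene.Scene");
+var System = Java.type("java.lang.System");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+ start.title = "Your System Properties";
+ var wv = new WebView();
+ var sysproprows = "";
+ var sysprops = System.properties;
+ for (var i in sysprops) {
+ sysproprows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${sysprops[i]}
+</td>
+</tr>
+TBL
+ }
+
+ wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your System Properties
+</title>
+</head>
+<body>
+<h1>Your System Properties</h1>
+<table border="1">
+${sysproprows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+ stage.scene = new Scene(wv, 750, 500);
+ stage.show();
+}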
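Review bot: The first statement of `start` assigns `start.title = "Your System Properties";`, which sets a property on the function object rather than on the `stage` parameter, so the window title is presumably never set. The intended line looks like `stage.title = "Your System Properties";`. samples/showenv.js has the same assignment with `"Your Environment"` and would need the same one-word change.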
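--- a/src/jdk/nashorn/internal/objects/Global.java
+++ b/src/jdk/nashorn/internal/objects/Global.java
@@ -952,7 +952,7 @@
 return str;
 }
 final Global global = Global.instanceFrom(self);
- final ScriptObject scope = self instanceof ScriptObject ? (ScriptObject)self : global;
+ final ScriptObject scope = self instanceof ScriptObject && ((ScriptObject)self).isScope() ? (ScriptObject)self : global;
 
 return global.getContext().eval(scope, str.toString(), callThis, location, strict, true);
 }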
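Review bot: The changed `scope` line carries no comment explaining why a `self` that is a ScriptObject but not a scope must fall back to `global`, although that is the entire fix: under the removed line any ScriptObject `self` was passed to `getContext().eval` as the evaluation scope. I would add `// indirect eval: only a real scope object may be the eval scope; any other receiver falls back to the global` above it. I would also parenthesise the test, `(self instanceof ScriptObject && ((ScriptObject)self).isScope()) ? (ScriptObject)self : global`, so the `&&`/`?:` precedence is not left to the reader. The enclosing method starts above the hunk, so how `self` and `callThis` are derived is not visible here.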
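--- /dev/null
+++ b/test/script/basic/JDK-8074021.js
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8074021: Indirect eval fails when used as an element of an array or as a property of an object
+ *
+ * @test
+ * @run
+ */
+
+var obj = { foo: eval };
+Assert.assertTrue(obj.foo("typeof(print) == 'function'"));
+Assert.assertTrue(obj.foo("RegExp instanceof Function"));
+Assert.assertEquals(obj.foo("String(new Array(2, 4, 3))"), "2,4,3");
+obj.foo("print('hello')");
+
+var args = [ eval ];
+Assert.assertTrue(args[0]("typeof(print) == 'function'"));
+Assert.assertTrue(args[0]("RegExp instanceof Function"));
+Assert.assertEquals(args[0]("String(new Array(2, 4, 3))"), "2,4,3");
+args[0]("print('hello')");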
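Review bot: The assertions only check that globals such as `print` and `RegExp` resolve through the indirect call; none checks that the receiver's own properties stay out of the evaluated code's scope, which is the other half of what the Global.java change enforces. Adding `var x = "global"; var o = { foo: eval, x: "prop" };` followed by `Assert.assertEquals(o.foo("x"), "global");` would pin that. An equivalent check for the array form would guard against a later regression that lets the receiver shadow global names.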
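--- /dev/null
+++ b/test/script/basic/JDK-8074021.js.EXPECTED
@@ -0,0 +1,2 @@
+hello
+hello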