Whitelist node types allowed in @implementation body

musictheory / NilScript

Objective-C-style language superset of JavaScript with a tiny, simple runtime

Other

50 stars 5 forks source link

Closed iccir closed 8 years ago

iccir commented 8 years ago

Right now, arbitrary code can be used inside of an @implementation:

@implementation Foo

for (var i =0; i < 10; i++) {
    console.log("Eh?");
}

@end

This behavior is undefined, and has changed over the years, as the generated code from an @implementation block may be executed lazily.

We should whitelist the allowed node types which can be present in the body array.

iccir commented 8 years ago

I believe the comprehensive list is:

EmptyStatement (to allow extra ;s), FunctionDeclaration, OJMethodDefinition, OJPropertyDirective, OJDynamicDirective, OJSynthesizeDirective

VariableDeclaration may be used provided that initialization is to a literal.

This matches the previously documented behavior.