rehanift / engine.js

A scriptable task engine
MIT License

Defining and invoking a function can walk the 'function caller chain' out of the sandbox #7

Closed rehanift closed 12 years ago

rehanift commented 12 years ago

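Start server with `node script/server.js` then run:

```javascript
var engine = require("engine.js").engine;

var client = engine.client.create();

var task = client.createTask();
task.setContext('(function(){ return {} })');
// The task code is a named function that follows its own caller chain two
// frames up and prints the source of whatever function it finds there.
task.setCode('(function foo() { console.log( foo.caller.caller.toString());})()');
task.setLocals({});

// Print the evaluation result returned by the engine.
task.on('eval', function(data){
    console.log(data);
});

// Print anything the task code wrote with console.log.
task.on('output', function(data){
    console.log(data);
});

task.run();
```
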
rehanift commented 12 years ago

This issue was fixed but never closed.

When I run this example now, the eval response is TypeError: Illegal access to a strict mode caller function.

Here is a test that verifies this behavior: https://github.com/rehanift/engine.js/blob/master/spec/end-to-end/security_spec.js#L84
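
The strict-mode behaviour reported above, as an added example that is not part of the original issue or of engine.js: a sloppy-mode invoker hands itself to code that reads `.caller`, while a strict-mode invoker does not. `makeHost`, `exposedHostSource` and the `host-only-marker` string are hypothetical names constructed for this illustration.

```javascript
// Constructed stand-in for task code: a sloppy-mode function that reads
// its own .caller, the first hop of the foo.caller.caller walk in the issue.
const UNTRUSTED_SRC = 'return function probe() { return probe.caller; };';

// Hypothetical host-side invoker (not engine.js code). It is built from
// source so its strictness is explicit and does not depend on whether this
// file itself is loaded as sloppy CommonJS or as an always-strict ES module.
function makeHost(strict) {
  const directive = strict ? '"use strict";\n' : '';
  return new Function('task',
    directive + 'var hostOnly = "host-only-marker";\nreturn task();');
}

// Returns the host source text the task code can read, or null when the
// JavaScript engine refuses to hand the caller over.
function exposedHostSource(strict) {
  const probe = new Function(UNTRUSTED_SRC)();
  const host = makeHost(strict);
  let seen;
  try {
    seen = host(probe);
  } catch (err) {
    // Some V8 builds throw the TypeError quoted in the issue.
    if (err instanceof TypeError) return null;
    throw err;
  }
  // Other builds censor a strict-mode caller by returning null instead.
  return typeof seen === 'function'
    ? Function.prototype.toString.call(seen)
    : null;
}

console.log('sloppy host:', exposedHostSource(false));
console.log('strict host:', exposedHostSource(true));
```

Every host frame between the sandbox entry point and the task code needs the strict directive, since `.caller` is evaluated one frame at a time.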