Open mikesamuel opened 5 years ago
I was unaware of this behavior.
This could lead to false positives/negatives or breaking sites. It could also be used to identify when Eval Villain is hooking eval in the page.
Thanks
It could also be used to identify when Eval Villain is hooking eval in the page.
Yeah.
function isEvalHooked() {
var Object = 0; // Mask the global.
return eval('typeof Object') !== 'number';
}
console.log(isEvalHooked()); // -> false
eval = new Proxy(eval, {});
console.log(isEvalHooked()); // -> true
This is more of an fyi since I have no suggested fix.
applyEvalVillain("eval")
turns direct eval into indirect evalhttps://github.com/swoops/eval_villain/blob/8c49852dee59d2541dcb4a5cede68b76c0878caf/src/js/switcheroo.js#L385
Since
eval
!== %eval%, all eval becomes direct eval.You can see the difference in
This happens because of step 6.a in 12.3.4.1
when evaluating function calls where the function is the identifier eval.