fix: crash under csp

[Jack-Works]

close #1281

[kriskowal]

Freeze would suffice here

[mhofman]

Not in scope for this PR, but wondering what kind of test we could have to make sure we don't break no-eval environments. The setup would likely look like replacing the evaluators with functions that throw before importing ses. The question is how to scope a subset of the tests with this environment.

[Jack-Works]

since Compartment is not available under no-eval environment, test lockdown is enough.

[kriskowal]

Not in scope for this PR, but wondering what kind of test we could have to make sure we don't break no-eval environments. The setup would likely look like replacing the evaluators with functions that throw before importing ses. The question is how to scope a subset of the tests with this environment.

As it happens, you wrote one already. https://github.com/endojs/endo/blob/master/packages/ses/test/test-no-eval.js

It’s marked as failing. I’d like this PR to remove the failing bit from that test. I looked into it and this change isn’t sufficient. Thankfully, @mhofman left notes: #903

  no-eval › lockdown must not throw when eval is forbidden

  Error thrown in test:

  TypeError {
    message: 'no unsafe-eval, as if by content-security-policy',
  }

  › globalThis.eval (file://test/no-eval.js:6:9)
  › repairFunction (file://src/tame-function-constructors.js:71:35)
  › tameFunctionConstructors (file://src/tame-function-constructors.js:118:3)
  › repairIntrinsics (file://src/lockdown-shim.js:276:17)
  › lockdown (file://src/lockdown-shim.js:410:28)
  › file://test/test-no-eval.js:9:30

[mhofman]

Oh lol, thanks past me!
However maybe the failing test I wrote isn't right since @Jack-Works could use the shim before this regression. I'd need to page back in memory what my thinking was back then.

[kriskowal]

I’m landing this as it’s incremental progress. Further work will be necessary to avoid eval with a lockdown flag without compromising lockdown invariants.