Permalink
Browse files

Fix issue #71 (minified version behaves differently from unminified v…

…ersion)
  • Loading branch information...
1 parent 50ef0bd commit 666c3969ad3dfb4b1ecd44b8001253ff13b14c33 @SteveSanderson SteveSanderson committed Apr 27, 2011
Showing with 19 additions and 11 deletions.
  1. +5 −1 build/output/knockout-latest.debug.js
  2. +9 −9 build/output/knockout-latest.js
  3. +5 −1 src/utils.js
@@ -161,9 +161,13 @@ ko.utils = new (function () {
},
evalWithinScope: function (expression, scope) {
+ // Always do the evaling within a "new Function" to block access to parent scope
if (scope === undefined)
return (new Function("return " + expression))();
- with (scope) { return eval("(" + expression + ")"); }
+
+ // Ensure "expression" is flattened into a source code string *before* it runs, otherwise
+ // the variable name "expression" itself will clash with a subproperty called "expression"
+ return (new Function("sc", "with(sc) { return (" + expression + ") }"))(scope);
},
domNodeIsContainedBy: function (node, containedByNode) {

Some generated files are not rendered by default. Learn more.

Oops, something went wrong.
View
@@ -145,9 +145,13 @@ ko.utils = new (function () {
},
evalWithinScope: function (expression, scope) {
+ // Always do the evaling within a "new Function" to block access to parent scope
if (scope === undefined)
return (new Function("return " + expression))();
- with (scope) { return eval("(" + expression + ")"); }
+
+ // Ensure "expression" is flattened into a source code string *before* it runs, otherwise
+ // the variable name "expression" itself will clash with a subproperty called "expression"
+ return (new Function("sc", "with(sc) { return (" + expression + ") }"))(scope);
},
domNodeIsContainedBy: function (node, containedByNode) {

0 comments on commit 666c396

Please sign in to comment.