Bypass 002: Function("return this")() d'oh!

[natevw]

Welp, this one is too easy:
http://natevw.github.io/evel/challenge.html#Function(%22return%20this%22)()

Credit: https://twitter.com/wisecwisec/status/357861675782770689

Need to dive into the spec and figure out why Function breaks out of strict mode while eval doesn't — this could be intentional and if so we're ± hosed? We could pass in evel.Function as Function, but I suspect it's trivial to get the original back via primitives and any other exposed methods.

[natevw]

After a bit more convo with Stefano, it's not looking good to me, e.g. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function#Description says:

Note: Functions created with the Function constructor do not create closures to their creation contexts; they always run in the window context (unless the function body starts with a "use strict"; statement, in which case the context is undefined).

So not only is the window context leaked, but even if this could be avoided all the globals we've masked via closure would become available again.

Not quite ready to wave the white flag, but I suspect this is gonna be a losing battle.