option to disable runtime code evaluation
diff --git a/priv/couch_js/help.h b/priv/couch_js/help.h
index 7601e9d..e6afaa8 100644
--- a/priv/couch_js/help.h
+++ b/priv/couch_js/help.h
@@ -54,6 +54,7 @@
" most SIZE bytes of memory to be allocated\n"
" -u FILE path to a .uri file containing the address\n"
" (or addresses) of one or more servers\n"
+ " --no-eval Disable runtime code evaluation\n"
"\n"
"Report bugs at <%s>.\n";
diff --git a/priv/couch_js/main.c b/priv/couch_js/main.c
index 50d072c..dabeb19 100644
--- a/priv/couch_js/main.c
+++ b/priv/couch_js/main.c
@@ -349,6 +349,26 @@
};
+static JSBool
+csp_allows(JSContext* cx)
+{
+ couch_args *args = (couch_args*)JS_GetContextPrivate(cx);
+ if(args->no_eval) {
+ return JS_FALSE;
+ } else {
+ return JS_TRUE;
+ }
+}
+
+
+static JSSecurityCallbacks security_callbacks = {
+ NULL,
+ NULL,
+ NULL,
+ csp_allows
+};
+
+
int
main(int argc, const char* argv[])
{
@@ -382,7 +402,8 @@
JS_SetOptions(cx, JSOPTION_TYPE_INFERENCE);
#endif
JS_SetContextPrivate(cx, args);
-
+ JS_SetRuntimeSecurityCallbacks(rt, &security_callbacks);
+
SETUP_REQUEST(cx);
global = JS_NewCompartmentAndGlobalObject(cx, &global_class, NULL);
diff --git a/priv/couch_js/util.c b/priv/couch_js/util.c
index 2f2a2a7..7919025 100644
--- a/priv/couch_js/util.c
+++ b/priv/couch_js/util.c
@@ -98,6 +98,8 @@
}
} else if(strcmp("-u", argv[i]) == 0) {
args->uri_file = argv[++i];
+ } else if(strcmp("--no-eval", argv[i]) == 0) {
+ args->no_eval = 1;
} else if(strcmp("--", argv[i]) == 0) {
i++;
break;
diff --git a/priv/couch_js/util.h b/priv/couch_js/util.h
index 3c71f69..062469d 100644
--- a/priv/couch_js/util.h
+++ b/priv/couch_js/util.h
@@ -16,6 +16,7 @@
#include <jsapi.h>
typedef struct {
+ int no_eval;
int use_http;
int use_test_funs;
int stack_size;
