Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Git rid of eval() in WASM wrapper

See original GitHub issue

Hi again! I used DotNetJS to create a library that exposes some common functions that we share across C# executables and an Electron app to ensure the behaviour is identical. The problem is, the electron’s app (Vortex) is blocking eval execution due to it’s CSP. I did earlier some investigation about this, but I would like to double check! Is eval critical for the runtime to work or is it used only for debugging? Could we strip it’s usage with some conditionals?

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:10 (10 by maintainers)

github_iconTop GitHub Comments

Aragascommented, Aug 23, 2022

As I understand, will be fixed once this is done

Aragascommented, Apr 27, 2022

I’ll report at least my findings then.

I think that there’s an additional eval call in function Function.apply(Function, i); After replacing all evals with { } as you did, Vortex still had an issue with that function. After replacing it with (x, y) => () => { }, CSP wasn’t triggering anymore and Vortex stared to load the module, but now there’s this error Error: System.NullReferenceException: Arg_NullReferenceException, pretty sure it breaks the runtime.

From what I understand somehow an eval function is injected here

I manually enabled unsafe-eval for better debugging and tried some shenanigans like new Function('"use strict";return (' + keys+ ')'), but nope. Replacing with new Function('return ' + keys); or new Function(keys) yielded an interesting error and stacktrace: ReferenceError: converter is not defined at eval (https://mono-wasm.invalid/variadic_converter_ii_result_unmarshaled:3:1) which confirms that eval is used internally, as I understand.

I’m still not sure what Function.apply() does. It’s safe to replace the first arg with null instead of Function, not sure why it wasn’t done. Replacing the whole construction with eval(keys) works too. But as said earlier, the alternative with new Function() isn’t working.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Remove `unsafe-eval` CSP Requirement for Blazor WASM
Runtime made the necessary changes that unsafe-eval may no longer be required for ... Git rid of eval() in WASM wrapper Elringus/DotNetJS#51.
Read more >
Interacting with code — Emscripten 3.1.26-git (dev ...
This effectively runs the specified JavaScript code from C/C++ using eval() . For example, to call the browser's alert() function with the text...
Read more >
Why is using the JavaScript eval function a bad idea?
eval 'd code executes slower (no opportunity to compile/cache eval'd code). Edit: As @Jeff Walden points out in comments, #3 is less true...
Read more >
Using the WebAssembly JavaScript API - MDN Web Docs
value property, and then to 43 using the incGlobal() function exported out of the global.wasm module (this adds 1 to whatever value is...
Read more >
Seldom used and expert built-ins - Apache FreeMarker Manual
getMyProperty() in Java, instead of to myMap.get("myProperty") . ... Hence, this depends on the object_wrapper FreeMarker configuration ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found