Giters

kriszyp / msgpackr

Ultra-fast MessagePack implementation with extension for record and structural cloning / msgpack.org[JavaScript/NodeJS]

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unpacking structures without eval

wirelyre opened this issue · comments

commented

My environment disallows eval and variants. It fails to construct a function at runtime (line 444):

msgpackr/unpack.js

Lines 441 to 455 in 3a6c46e

function readObject() {
// This initial function is quick to instantiate, but runs slower. After several iterations pay the cost to build the faster function
if (readObject.count++ > 2) {
let readObject = structure.read = (new Function('r', 'return function(){return {' + structure.map(key => validName.test(key) ? key + ':r()' : ('[' + JSON.stringify(key) + ']:r()')).join(',') + '}}'))(read)
if (structure.highByte === 0)
structure.read = createSecondByteReader(firstId, structure.read)
return readObject() // second byte is already read, if there is one so immediately read object
}
let object = {}
for (let i = 0, l = structure.length; i < l; i++) {
let key = structure[i]
object[key] = read()
}
return object
}

Is there a configuration option to just use the slow path? I'd like to keep using the record extension to save space — I'm assuming it's probably still faster than decoding a regular map anyway.

commented

Yeah, that seems reasonable to support. Would this need a configuration option, or can these be detected automatically? That is, does a test call like new Function('') throw an error in your environment, that can be caught to detect that eval-variants are disallowed and automatically opt of using it?

commented

I didn't think of that!

Yes, it throws an EvalError, and yes, it can be caught.

commented

Brilliant: fixed in 2c84ce6, works perfectly.

Thank you so much!

commented

Thanks for verifying. Published in v1.5.5.