This extension enables arbitrary code execution via Eval() dbus method. This means when you enable this extension, malicious apps, extensions or scripts can call the said dbus method and run malicious GJS codes on your machine.

The extension at https://extensions.gnome.org/extension/5952/eval-gjs/ was not uploaded nor maintained by me. Please refrain from installing this extension at all.

For the legacy version, check out the legacy branch first before installing.

As of GNOME 41, the dbus method Eval() is now restricted with MetaContext:unsafe-mode property (see this commit). This extension provides unrestricted Eval() dbus method for running arbitrary code in the compositor.

• Run arbitrary GJS code like you would with GNOME Eval() dbus method.
• Main, Gio, GLib and Meta available by default.

git clone git://github.com/ramottamado/eval-gjs.git
cd eval-gjs
make install

gdbus call \
  --session \
  --dest org.gnome.Shell \
  --object-path /dev/ramottamado/EvalGjs \
  --method dev.ramottamado.EvalGjs.Eval "Main.overview.show();"