-
-
Notifications
You must be signed in to change notification settings - Fork 699
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use a hardcoded no-op instead of instancing #1032
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like a good idea. Let's get one more from @chaijs/chai to review and merge 😄
lib/chai/utils/addProperty.js
Outdated
@@ -36,7 +36,7 @@ var transferFlags = require('./transferFlags'); | |||
*/ | |||
|
|||
module.exports = function addProperty(ctx, name, getter) { | |||
getter = getter === undefined ? new Function() : getter; | |||
getter = getter === undefined ? function(){} : getter; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is very nitpicky, but for the sake of consistency with other parts of the code, could you use function () {}
instead please? Thanks 😊
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@astorije I've force-pushed an amended commit.
The use of `new Function()` causes an EvalError if the environment's CSP forbids execution of unsafe-eval. As there's no runtime evaluation being performed, it's better to use a plain anonymous function instead.
@astorije Is there an ETA for the next release? The |
Sorry @Alhadis, I can't say I have been the best project owner thus far, so releases are a bit out of my reach. @keithamus, maybe you would know more? :) |
We currently have a mostly open release cycle. What it takes for a release is the following:
It's important to note anyone can make this PR. For example a community member released 4.1.0 (#998). We want to - generally - get the community involved in every aspect including release management if we can! |
That's... a refreshingly open and welcoming attitude I've not seen before, and certainly an inviting one. 😄 Since I'm the one badgering for a release, I may as well handle the accompanying pull-request. That'll give me a version to set in a new ... yeah, there's a lot that's hinging on such a little change, heh. :D |
I'm so sorry about the delay! 😞 I got sidetracked. PR submitted! See #1037. Hope the release notes cover everything adequately. |
Using
new Function()
is considered unsafe evaluation, which means it breaks if executed in an environment with a strict Content Security Policy (CSP).In my case, it's causing an EvalError for a test-runner I wrote for Atom:
This is only being used to provide a no-op function, so there's no need to use
new Function()
when an anonymous function will suffice.