mirror of
https://github.com/google/blockly.git
synced 2026-01-09 01:50:11 +01:00
ce02665044
This change means the list is complete for every environment. This makes evaling code more safe. However it also means that code generated on one environment isn't guaranteed to be free of global collisions when executed on another environment (with the exception of the JS Interpreter). So if you are generating code in Node, and then executing it with eval() in a user's browser a user's program could declare a variable named `location`, assign to it, and the browser will redirect to that URL. Honestly, that's what you get for evaling untrusted code between users. Use the JS Interpreter if you are doing anything other than just generating and executing in the same environment.