removed eval's

2020-04-29 18:41:16 +02:00 · 2020-04-29 18:41:16 +02:00 · ee2ba047ab
parent 21d614aa97
commit ee2ba047ab
2 changed files with 41 additions and 25 deletions
--- a/app/scripts/plugins/plugin.js
+++ b/app/scripts/plugins/plugin.js
@ -360,30 +360,39 @@ class Plugin extends Model {
    }

    applyJs(name, data) {
-        return Promise.resolve().then(() => {
-            let text = kdbxweb.ByteUtils.bytesToString(data);
-            this.module = { exports: {} };
-            const id = 'plugin-' + Date.now().toString() + Math.random().toString();
-            global[id] = {
-                require: PluginApi.require,
-                module: this.module
-            };
-            text = `(function(require, module){${text}})(window["${id}"].require,window["${id}"].module);`;
-            const ts = this.logger.ts();
-            // eslint-disable-next-line no-eval
-            eval(text);
-            return new Promise((resolve, reject) => {
-                setTimeout(() => {
-                    delete global[id];
-                    if (this.module.exports.uninstall) {
-                        this.logger.debug('Plugin script installed', this.logger.ts(ts));
-                        this.loadPluginSettings();
-                        resolve();
-                    } else {
-                        reject('Plugin script installation failed');
-                    }
-                }, 0);
-            });
+        return new Promise((resolve, reject) => {
+            try {
+                let text = kdbxweb.ByteUtils.bytesToString(data);
+                this.module = { exports: {} };
+                const id = 'plugin-' + Date.now().toString() + Math.random().toString();
+                global[id] = {
+                    require: PluginApi.require,
+                    module: this.module
+                };
+                text = `(function(require, module){${text}})(window["${id}"].require,window["${id}"].module);`;
+                const ts = this.logger.ts();
+                const blob = new Blob([text], { type: 'text/javascript' });
+                const objectUrl = URL.createObjectURL(blob);
+                const el = this.createElementInHead('script', id, {
+                    src: objectUrl
+                });
+                el.addEventListener('load', () => {
+                    URL.revokeObjectURL(objectUrl);
+                    setTimeout(() => {
+                        delete global[id];
+                        if (this.module.exports.uninstall) {
+                            this.logger.debug('Plugin script installed', this.logger.ts(ts));
+                            this.loadPluginSettings();
+                            resolve();
+                        } else {
+                            reject('Plugin script installation failed');
+                        }
+                    }, 0);
+                });
+            } catch (e) {
+                this.logger.error('Error installing plugin script', e);
+                reject(e);
+            }
        });
    }

--- a/build/webpack.config.js
+++ b/build/webpack.config.js
@ -107,7 +107,14 @@ function config(options) {
                },
                {
                    test: /baron(\.min)?\.js$/,
-                    loader: 'exports-loader?baron; delete window.baron;'
+                    use: [
+                        StringReplacePlugin.replace({
+                            replacements: [
+                                { pattern: /\(1,\s*eval\)\('this'\)/g, replacement: () => 'window' }
+                            ]
+                        }),
+                        { loader: 'exports-loader?baron; delete window.baron;' }
+                    ]
                },
                {
                    test: /babel-helpers\.js$/,