From cb5f358ee7461f191db8c88e0af26023558f5232 Mon Sep 17 00:00:00 2001
From: Gus Caplan <me@gus.host>
Date: Mon, 26 Feb 2018 14:29:41 -0600
Subject: vm: add code generation options

Adds options to a VM Context to disable code generation from strings
(such as eval or new Function) and WASM code generation
(WebAssembly.compile).

PR-URL: https://github.com/nodejs/node/pull/19016
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
---
 doc/api/vm.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'doc/api/vm.md')

diff --git a/doc/api/vm.md b/doc/api/vm.md
index 12e35e9f72..b9ccf93b7b 100644
--- a/doc/api/vm.md
+++ b/doc/api/vm.md
@@ -495,6 +495,14 @@ added: v0.3.1
     value of the [`url.origin`][] property of a [`URL`][] object. Most notably,
     this string should omit the trailing slash, as that denotes a path.
     **Default:** `''`.
+  * `contextCodeGeneration` {Object}
+    * `strings` {boolean} If set to false any calls to `eval` or function
+      constructors (`Function`, `GeneratorFunction`, etc) will throw an
+      `EvalError`.
+      **Default**: `true`.
+    * `wasm` {boolean} If set to false any attempt to compile a WebAssembly
+      module will throw a `WebAssembly.CompileError`.
+      **Default**: `true`.
 
 First contextifies the given `sandbox`, runs the compiled code contained by
 the `vm.Script` object within the created sandbox, and returns the result.
@@ -578,6 +586,14 @@ added: v0.3.1
     the [`url.origin`][] property of a [`URL`][] object. Most notably, this
     string should omit the trailing slash, as that denotes a path.
     **Default:** `''`.
+  * `codeGeneration` {Object}
+    * `strings` {boolean} If set to false any calls to `eval` or function
+      constructors (`Function`, `GeneratorFunction`, etc) will throw an
+      `EvalError`.
+      **Default**: `true`.
+    * `wasm` {boolean} If set to false any attempt to compile a WebAssembly
+      module will throw a `WebAssembly.CompileError`.
+      **Default**: `true`.
 
 If given a `sandbox` object, the `vm.createContext()` method will [prepare
 that sandbox][contextified] so that it can be used in calls to
-- 
cgit v1.2.3