From 1d89c5d1e16d67962db2735efc601b48bd78255d Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Wed, 23 Oct 2019 11:06:57 -0700
Subject: cli: whitelist new V8 flag in NODE_OPTIONS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Explicitly whitelists --disallow-code-generation-from-strings in
NODE_OPTIONS as a new V8 flag. This flag prevents strings like eval()
from performing code generation.

PR-URL: https://github.com/nodejs/node/pull/30094
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 doc/node.1 | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc/node.1')

diff --git a/doc/node.1 b/doc/node.1
index 9af077fc96..e9b7855b9b 100644
--- a/doc/node.1
+++ b/doc/node.1
@@ -100,6 +100,11 @@ The default is
 File name of the V8 CPU profile generated with
 .Fl -cpu-prof
 .
+.It Fl -disallow-code-generation-from-strings
+Make built-in language features like `eval` and `new Function` that generate
+code from strings throw an exception instead. This does not affect the Node.js
+`vm` module.
+.
 .It Fl -enable-fips
 Enable FIPS-compliant crypto at startup.
 Requires Node.js to be built with
-- 
cgit v1.2.3