Mirror: A maybe slightly safer-ish wrapper around eval Function constructors

Use Function constructor from iframe global object

Changed files
+8 -2
src
+8 -2
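--- a/src/index.ts
+++ b/src/index.ts
@@ -81,6 +81,7 @@
 }
 
 let safeGlobal: Record<string | symbol, unknown> | void;
+let vmGlobals: Record<string | symbol, unknown> = {};
 
 function makeSafeGlobal() {
 if (safeGlobal) {
@@ -101,7 +102,7 @@
 
 // When we're in the browser, we can go a step further and try to create a
 // new JS context and globals in a separate iframe
-let vmGlobals = trueGlobal;
+vmGlobals = trueGlobal;
 let iframe: HTMLIFrameElement | void;
 if (typeof document !== 'undefined') {
 try {
@@ -176,10 +177,15 @@
 const safeGlobal = makeSafeGlobal();
 const code = args.pop();
 
+// Retrieve Function constructor from vm globals
+const Function = vmGlobals.Function as FunctionConstructor | void;
+const Object = vmGlobals.Object as ObjectConstructor;
+const createFunction = (Function || Object.constructor.constructor) as FunctionConstructor;
+
 // We pass in our safe global and use it using `with` (ikr...)
 // We then add a wrapper function for strict-mode and a few closing
 // statements to prevent the code from escaping the `with` block;
-const fn = new Function(
+const fn = createFunction(
 'globalThis',
 ...args,
 'with (globalThis) {\n"use strict";\nreturn (function () {\n' +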
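Review bot: In the last hunk, the cast `vmGlobals.Object as ObjectConstructor` asserts away the `unknown` value type. If `vmGlobals` carries neither `Function` nor `Object` (it is initialised to `{}` at new line 84), the fallback `Object.constructor.constructor` throws a bare TypeError instead of failing with a clear message. I would type the lookup as possibly missing and guard the result, e.g. `const createFunction = vmFunction || (vmObject && vmObject.constructor.constructor);` followed by `if (typeof createFunction !== 'function') throw new TypeError('no Function constructor in vm globals');`. The local constants named `Function` and `Object` also shadow the host built-ins for the rest of the enclosing function, which starts and ends outside the hunk; names such as `vmFunction` and `vmObject` would show which realm each constructor comes from. The added comment should also say that when no iframe is created `vmGlobals` is `trueGlobal` (new line 105), so the constructor is the host realm's and only the `with` wrapper separates the evaluated code from host globals.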