Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider using an indirect eval for DYNAMIC_EXECUTION #23464

Open
segevfiner opened this issue Jan 22, 2025 · 1 comment
Open

Consider using an indirect eval for DYNAMIC_EXECUTION #23464

segevfiner opened this issue Jan 22, 2025 · 1 comment
Assignees
@brendandahl
Labels
embind

Comments

@segevfiner
Copy link

The supporting JS code for DYNAMIC_EXECUTION currently uses a direct eval, which gives the eval-ed code access to names in the scope it is called from, as bundlers (Rollup, esbuild, and so on) cannot analyze such accesses, they emit a warning and might have to resort to performing less tree shaking.

Using an indirect eval ((0, eval)) avoids this, and if possible, should be preferred.

Of course, using eval at all is a problem with a CSP, though I think it might be possible to workaround that by injecting dynamic script tags with a nonce instead of using eval to allow running without unsafe-eval. But that's another issue.
@sbc100 sbc100 added the embind label Jan 22, 2025
@sbc100
Copy link
Collaborator

sbc100 commented Jan 22, 2025
edited
Loading

I wonder if we should also simply consider removing DYNAMIC_EXECUTION? (Especially now that we have the AOT option)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brendandahl brendandahl

Labels
embind
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sbc100 @brendandahl @segevfiner