Security: Dangerous JavaScript eval() functions

Question

Security: Dangerous JavaScript eval() functions

globeone opened this issue 3 years ago · 2 comments

There are 6 JavaScript eval() functions in use that are dangerous.
Especially when the JavaScript is loaded in memory.

Eval allows strings to be run as executables and is dangerous to use.
Please see the following Mozilla Dev article with tips on how to rewrite these functions securely.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval

Answer 1 · 2022-06-27T16:26:44.000Z

I don't see any eval occurrences in this repository. Could you be more specific in what you're asking for?

I'm going to close but we can reopen if you provide more information.

Answer 2 · 2022-06-27T17:04:00.000Z

@mgol Apologies for this ticket. It turns out to be a Kendo custom forked version of jquery-mousewheel. They added this vulnerability to their forked version but kept the original jquery-mousewheel version and copyright line.