Merge pull request #3448 from jamierocks/no-eval

Remove string-generated Functions for CSP policies
Richard Davey 2018-03-27 00:08:44 +01:00 committed by GitHub
commit 72eca92e4d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -467,20 +467,25 @@ rbush.prototype = {
{
// data format (minX, minY, maxX, maxY accessors)
// uses eval-type function compilation instead of just accepting a toBBox function
// because the algorithms are very sensitive to sorting functions performance,
// so they should be dead simple and without inner calls
// Do not use string-generated Functions for CSP policies
// Instead a combination of anonymous functions and grabbing
// properties by string is used.
var compareArr = function(accessor) {
return function(a, b) {
return this[a + accessor] - this[b + accessor];
};
};
this.compareMinX = compareArr(format[0]);
this.compareMinY = compareArr(format[1]);
var compareArr = ['return a', ' - b', ';'];
this.compareMinX = new Function('a', 'b', compareArr.join(format[0]));
this.compareMinY = new Function('a', 'b', compareArr.join(format[1]));
this.toBBox = new Function('a',
'return {minX: a' + format[0] +
', minY: a' + format[1] +
', maxX: a' + format[2] +
', maxY: a' + format[3] + '};');
this.toBBox = function (a) {
return {
minX: a + format[0],
minY: a + format[1],
maxX: a + format[2],
maxy: a + format[3]
};
};
}
};
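Review bot: The replacement closures concatenate instead of dereferencing: `this[a + accessor]` and `a + format[0]` stringify the item and append the accessor text, whereas the removed `new Function` bodies compiled to a property read on `a` and `b`, so both comparators would return NaN and `toBBox` would return strings rather than coordinates. The last key is also spelled `maxy` instead of `maxY`. Dropping `new Function` is what lets this run under a CSP without `unsafe-eval` and stops `format` from being compiled as code, so the direction is right, but the closures need to index the items by key as in the sketch below. The sketch assumes every format entry is a plain `.name` accessor, which is inferred from the removed concatenation and should be confirmed against callers. The enclosing method starts above the hunk, so its name and any validation of `format` are not visible here.

```javascript
// … unchanged: comment block explaining why string-generated Functions are avoided …
// Assumption: each format entry is a plain '.name' accessor.
var keys = format.map(function (accessor) {
    return accessor.charAt(0) === '.' ? accessor.slice(1) : accessor;
});
var compareBy = function (key) {
    return function (a, b) {
        return a[key] - b[key];
    };
};
this.compareMinX = compareBy(keys[0]);
this.compareMinY = compareBy(keys[1]);
this.toBBox = function (a) {
    return {
        minX: a[keys[0]],
        minY: a[keys[1]],
        maxX: a[keys[2]],
        maxY: a[keys[3]]
    };
};
```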