A security exception occurs when partially trusted code tries to create a function object by using the eval or the Function constructs in JScript .NET (836660)
The information in this article applies to:
- Microsoft Visual J# .NET (2003)
- Microsoft Visual J# .NET (2002)
- Microsoft JScript .NET
SYMPTOMSMicrosoft JScript .NET throws a security exception when partially trusted code tries to create a Function object by using the eval method or the function constructs. For example, both the following statements throw a security exception when they are executed from partially trusted code: var d1 = new Function("x", "y", "return x+y;");
var d2 = eval("function sample(a,b) { return a+b; }");
CAUSEThe JScript .NET code that tries to create a new Function object at run time by using the eval method or the function constructs fails because the code requires unmanaged code permissions and various other permissions. These permissions are not always predictable at compile time.RESOLUTIONTo resolve this problem, if code security can be configured and if the script code can be trusted, grant the script code Full Trust permissions.WORKAROUNDTo work around the problem if you do not need a dynamically compiled function, reformulate the code. For example, use the following statements that successfully compile and then run in partially trusted environments to replace the code that is in the "Symptoms" section of this article: var d1 = function (x,y) { return x+y; }
var d2 = function sample(a,b) { return a+b; }STATUS This behavior is by design.REFERENCESFor more information, visit the following Microsoft Developer Network (MSDN) Web site:
| Modification Type: | Major | Last Reviewed: | 2/23/2004 |
|---|
| Keywords: | kbScript kbSecurity kbProgramming kbAuthentication kbprb KB836660 kbAudDeveloper |
|---|
|