diff --git a/www/common/sframe-boot2.js b/www/common/sframe-boot2.js index 2870be392..323efaef6 100644 --- a/www/common/sframe-boot2.js +++ b/www/common/sframe-boot2.js @@ -43,5 +43,14 @@ define([ throw e; }; + var caughtEval; + try { eval('true'); } catch (err) { caughtEval = true; } + + if (!/^\/(sheet|doc|presentation)/.test(window.location.pathname) && !caughtEval) { + return void setTimeout(function () { + alert("aborting because eval should not be permitted."); + }); + } + require([document.querySelector('script[data-bootload]').getAttribute('data-bootload')]); });