From 8fe8d38bec9f3e77e3b5daa87a7e229c97a57c16 Mon Sep 17 00:00:00 2001
From: jmoenig <jens@moenig.org>
Date: Wed, 9 Jun 2021 18:30:09 +0200
Subject: [PATCH] reinstated JS-function control, disabled JS-functions by
 default

---
 HISTORY.md     |  3 +++
 snap.html      |  8 ++++----
 src/byob.js    |  8 ++++----
 src/gui.js     |  2 --
 src/objects.js |  6 +++---
 src/store.js   |  4 ++--
 src/threads.js | 13 ++++++++-----
 7 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/HISTORY.md b/HISTORY.md
index 92046738..667703ce 100755
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -2,6 +2,8 @@
 
 ## in development:
 
+* **Notable Changes:**
+    * JS-functions are now disabled by default until switched on in the settings menu per session  
 * **Notable Fixes:**
     * register unsaved changes when the user edits a comment
     * fixed bignums library and and made colors library faster, thanks, Brian!
@@ -17,6 +19,7 @@
 * new Hindi translation, thanks, Barthdry!
 * fixed bignums library and and made colors library faster, thanks, Brian!
 * fixed setting the IDE language via a url parameter, thanks, Joan!
+* reinstated JS-function control, disabled JS-functions by default
 
 ## 6.8.1
 * **Notable Fixes:**
diff --git a/snap.html b/snap.html
index 12344046..200960ad 100755
--- a/snap.html
+++ b/snap.html
@@ -9,18 +9,18 @@
         <script src="src/symbols.js?version=2021-03-03"></script>
         <script src="src/widgets.js?version=2021-01-05"></script>
         <script src="src/blocks.js?version=2021-06-09"></script>
-        <script src="src/threads.js?version=2021-04-17"></script>
-        <script src="src/objects.js?version=2021-04-23"></script>
+        <script src="src/threads.js?version=2021-06-09"></script>
+        <script src="src/objects.js?version=2021-06-09"></script>
         <script src="src/gui.js?version=2021-06-09"></script>
         <script src="src/paint.js?version=2020-05-17"></script>
         <script src="src/lists.js?version=2021-03-15"></script>
-        <script src="src/byob.js?version=2021-04-20"></script>
+        <script src="src/byob.js?version=2021-06-09"></script>
         <script src="src/tables.js?version=2021-03-05"></script>
         <script src="src/sketch.js?version=2020-07-13"></script>
         <script src="src/video.js?version=2019-06-27"></script>
         <script src="src/maps.js?version=2020-03-25"></script>
         <script src="src/xml.js?version=2020-04-27"></script>
-        <script src="src/store.js?version=2021-03-09"></script>
+        <script src="src/store.js?version=2021-06-09"></script>
         <script src="src/locale.js?version=2021-06-09"></script>
         <script src="src/cloud.js?version=2021-02-04"></script>
         <script src="src/api.js?version=2021-01-25"></script>
diff --git a/src/byob.js b/src/byob.js
index 7004fb07..bdc79523 100644
--- a/src/byob.js
+++ b/src/byob.js
@@ -106,7 +106,7 @@ WatcherMorph, XML_Serializer, SnapTranslator*/
 
 // Global stuff ////////////////////////////////////////////////////////
 
-modules.byob = '2021-May-04';
+modules.byob = '2021-June-09';
 
 // Declarations
 
@@ -347,9 +347,9 @@ CustomBlockDefinition.prototype.parseChoices = function (string) {
     if (string.match(/^function\s*\(.*\)\s*{.*\n/)) {
         // It's a JS function definition.
         // Let's extract its params and body, and return a Function out of them.
-        // if (!this.enableJS) {
-        //     throw new Error('JavaScript is not enabled');
-        // }
+        if (!Process.prototype.enableJS) {
+            throw new Error('JavaScript is not enabled');
+        }
         params = string.match(/^function\s*\((.*)\)/)[1].split(',');
         body = string.split('\n').slice(1,-1).join('\n');
         return Function.apply(null, params.concat([body]));
diff --git a/src/gui.js b/src/gui.js
index d0d0c7fa..2e2d3b6c 100644
--- a/src/gui.js
+++ b/src/gui.js
@@ -3494,7 +3494,6 @@ IDE_Morph.prototype.settingsMenu = function () {
         'microphoneMenu'
     );
     menu.addLine();
-    /*
     addPreference(
         'JavaScript',
         () => {
@@ -3507,7 +3506,6 @@ IDE_Morph.prototype.settingsMenu = function () {
         'uncheck to disable support for\nnative JavaScript functions',
         'check to support\nnative JavaScript functions'
     );
-    */
     if (isRetinaSupported()) {
         addPreference(
             'Retina display support',
diff --git a/src/objects.js b/src/objects.js
index 9a042105..8034bee4 100644
--- a/src/objects.js
+++ b/src/objects.js
@@ -84,7 +84,7 @@ BlockEditorMorph, BlockDialogMorph, PrototypeHatBlockMorph,  BooleanSlotMorph,
 localize, TableMorph, TableFrameMorph, normalizeCanvas, VectorPaintEditorMorph,
 AlignmentMorph, Process, WorldMap, copyCanvas, useBlurredShadows*/
 
-modules.objects = '2021-April-23';
+modules.objects = '2021-June-09';
 
 var SpriteMorph;
 var StageMorph;
@@ -2671,7 +2671,7 @@ SpriteMorph.prototype.blockTemplates = function (category) {
         blocks.push(block('reportIsA'));
         blocks.push(block('reportIsIdentical'));
 
-        if (true) { // (Process.prototype.enableJS) {
+        if (Process.prototype.enableJS) {
             blocks.push('-');
             blocks.push(block('reportJSFunction'));
             if (Process.prototype.enableCompiling) {
@@ -8854,7 +8854,7 @@ StageMorph.prototype.blockTemplates = function (category) {
         blocks.push(block('reportIsA'));
         blocks.push(block('reportIsIdentical'));
 
-        if (true) { // (Process.prototype.enableJS) {
+        if (Process.prototype.enableJS) {
             blocks.push('-');
             blocks.push(block('reportJSFunction'));
             if (Process.prototype.enableCompiling) {
diff --git a/src/store.js b/src/store.js
index 46274bd2..ce076cde 100644
--- a/src/store.js
+++ b/src/store.js
@@ -61,7 +61,7 @@ normalizeCanvas, contains*/
 
 // Global stuff ////////////////////////////////////////////////////////
 
-modules.store = '2021-March-09';
+modules.store = '2021-June-09';
 
 
 // XML_Serializer ///////////////////////////////////////////////////////
@@ -1165,7 +1165,7 @@ SnapSerializer.prototype.loadBlock = function (model, isReporter, object) {
             );
         } else {
         /*
-        // disable JavaScript functions, commented out for now
+        // disable loading JavaScript functions, commented out for now
         if (model.attributes.s === 'reportJSFunction' &&
                 !Process.prototype.enableJS) {
             if (window.confirm('enable JavaScript?')) {
diff --git a/src/threads.js b/src/threads.js
index 764007d3..f450b721 100644
--- a/src/threads.js
+++ b/src/threads.js
@@ -61,7 +61,7 @@ StageMorph, SpriteMorph, StagePrompterMorph, Note, modules, isString, copy, Map,
 isNil, WatcherMorph, List, ListWatcherMorph, alert, console, TableMorph, BLACK,
 TableFrameMorph, ColorSlotMorph, isSnapObject, newCanvas, Symbol, SVG_Costume*/
 
-modules.threads = '2021-April-17';
+modules.threads = '2021-June-09';
 
 var ThreadManager;
 var Process;
@@ -562,7 +562,7 @@ Process.prototype.enableLiveCoding = false; // experimental
 Process.prototype.enableSingleStepping = false; // experimental
 Process.prototype.enableCompiling = false; // experimental
 Process.prototype.flashTime = 0; // experimental
-// Process.prototype.enableJS = false;
+Process.prototype.enableJS = false;
 
 function Process(topBlock, receiver, onComplete, yieldFirst) {
     this.topBlock = topBlock || null;
@@ -1185,6 +1185,9 @@ Process.prototype.reifyPredicate = function (topBlock, parameterNames) {
 };
 
 Process.prototype.reportJSFunction = function (parmNames, body) {
+    if (!this.enableJS) {
+        throw new Error('JavaScript is not enabled');
+    }
     return Function.apply(
         null,
         parmNames.itemsArray().concat([body])
@@ -1204,9 +1207,9 @@ Process.prototype.evaluate = function (
         return this.returnValueToParentContext(null);
     }
     if (context instanceof Function) {
-        // if (!this.enableJS) {
-        //     throw new Error('JavaScript is not enabled');
-        // }
+        if (!this.enableJS) {
+            throw new Error('JavaScript is not enabled');
+        }
         return context.apply(
             this.blockReceiver(),
             args.itemsArray().concat([this])