Microsoft KB Archive/836660

= A security exception occurs when partially trusted code tries to create a function object by using the eval or the Function constructs in JScript .NET =

Article ID: 836660

Article Last Modified on 5/18/2007

-

APPLIES TO


 * Microsoft Visual J# .NET 2003 Standard Edition
 * Microsoft Visual J# .NET 2003 Standard Edition
 * Microsoft JScript .NET

-





SYMPTOMS
Microsoft JScript .NET throws a security exception when partially trusted code tries to create a Function object by using the eval method or the function constructs. For example, both the following statements throw a security exception when they are executed from partially trusted code: var d1 = new Function(&quot;x&quot;, &quot;y&quot;, &quot;return x+y;&quot;); var d2 = eval(&quot;function sample(a,b) { return a+b; }&quot;);



CAUSE
The JScript .NET code that tries to create a new Function object at run time by using the eval method or the function constructs fails because the code requires unmanaged code permissions and various other permissions. These permissions are not always predictable at compile time.



RESOLUTION
To resolve this problem, if code security can be configured and if the script code can be trusted, grant the script code Full Trust permissions.



WORKAROUND
To work around the problem if you do not need a dynamically compiled function, reformulate the code. For example, use the following statements that successfully compile and then run in partially trusted environments to replace the code that is in the &quot;Symptoms&quot; section of this article: var d1 = function (x,y) { return x+y; } var d2 = function sample(a,b) { return a+b; }



STATUS
This behavior is by design.

