From f049a22238d977d21ca9b868336e9d66063258ed Mon Sep 17 00:00:00 2001
From: minjaesong <alswo9628@gmail.com>
Date: Sat, 2 Oct 2021 13:28:58 +0900
Subject: [PATCH] bios: making sure no internal vars of the bios would leak
 into the userspace

---
 assets/bios/tsvmbios.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/assets/bios/tsvmbios.js b/assets/bios/tsvmbios.js
index a3895bd..8f9aa21 100644
--- a/assets/bios/tsvmbios.js
+++ b/assets/bios/tsvmbios.js
@@ -58,7 +58,7 @@ con.move(21,(80-uramstr.length)/2);println(uramstr);
 
 // probe bootable device
 
-var _BIOS = {};
+/*var _BIOS = {};
 
 // Syntax: [Port, Drive-number]
 // Port #0-3: Serial port 1-4
@@ -66,7 +66,7 @@ var _BIOS = {};
 // Drive-number always starts at 1
 _BIOS.FIRST_BOOTABLE_PORT = [0,1]; // ah screw it
 
-Object.freeze(_BIOS);
+Object.freeze(_BIOS);*/
 
 ///////////////////////////////////////////////////////////////////////////////
 
@@ -92,7 +92,9 @@ while (portNumber < 4) {
 	portNumber += 1;
 }
 if (portNumber < 4) {
-	eval(com.fetchResponse(portNumber).trimNull());
+//	eval(com.fetchResponse(portNumber).trimNull());
+    // using Function() so that BIOS variables won't get leaked in
+	{Function("\"use strict\";var _BIOS={};_BIOS.FIRST_BOOTABLE_PORT=[0,1];Object.freeze(_BIOS);"+com.fetchResponse(portNumber).trimNull())()};
 }
 else {
 	printerrln("No bootable medium found.");