From 6e8be6310402578133d6f76021d716303ed91f30 Mon Sep 17 00:00:00 2001
From: Dan Lapid
Date: Wed, 16 Oct 2024 11:25:41 +0000
Subject: [PATCH] Remove direct eval in pyodide.asm.js and minify setupEmscripten. This replaces direct eval in pyodide.asm.js with indirect eval, see comment in the commit.
---
 src/pyodide/BUILD.bazel | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/pyodide/BUILD.bazel b/src/pyodide/BUILD.bazel
index 0a83ae53d70..4b18f0f334b 100644
--- a/src/pyodide/BUILD.bazel
+++ b/src/pyodide/BUILD.bazel
@@ -128,6 +128,20 @@ REPLACEMENTS = [
 "crypto.getRandomValues(",
 "getRandomValues(Module, ",
 ],
+ [
+ # Direct eval disallowed in esbuild, see:
+ # https://esbuild.github.io/content-types/#direct-eval
+ "eval(func)",
+ "(() => {throw new Error('Internal Emscripten code tried to eval, this should not happen, please file a bug report with your requirements.txt file\\'s contents')})()",
+ ],
+ [
+ "eval(data)",
+ "(() => {throw new Error('Internal Emscripten code tried to eval, this should not happen, please file a bug report with your requirements.txt file\\'s contents')})()",
+ ],
+ [
+ "eval(UTF8ToString(ptr))",
+ "(() => {throw new Error('Internal Emscripten code tried to eval, this should not happen, please file a bug report with your requirements.txt file\\'s contents')})()",
+ ],
 ]
 PYODIDE_BUCKET_MODULE = json.encode({
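Review bot: The three new `REPLACEMENTS` entries match exact source text (`eval(func)`, `eval(data)`, `eval(UTF8ToString(ptr))`), so if a later Emscripten or Pyodide build emits these calls with a different argument name or spacing, the substitution would presumably miss and a direct eval would stay in pyodide.asm.js with no signal. The list begins above this hunk and the step that applies it is not visible here; if that step does not already fail on an unmatched pattern, the build should check that each pattern matched at least once and that no `eval(` remains in the output. The same throwing expression is written out three times and could be hoisted into one constant above the list (name illustrative, e.g. `EVAL_DISABLED_STUB`), which also lets the esbuild comment cover all three entries instead of only the first. The description speaks of indirect eval, while the entries replace each call with an expression that throws, so the comment should say so: `# Replaced with a throwing stub, not indirect eval; these code paths are expected never to run.`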