I always try to make any potentially breaking changes as minimal as possible in Happy DOM. This may be a breaking change that affects many projects, and I'm truly sorry if you are negatively affected by this.
💣 Breaking Changes
- Due to security risks JavaScript evaluation has been changed to be disabled by default - By @capricorn86 in task #0
- A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @Mas0nShi for reporting this!
- Due to this security risk, JavaScript evaluation is now disabled by default to prevent that a consumer accidentally executes untrusted code without taking precautions
- Read more about how to enable JavaScript evaluation in a safer way in the Wiki