What do you think of the "Regulations on Prohibiting the Use of Mini Program JavaScript Interpreters"?

The following content is from the WeChat open community: "Regulations on Prohibiting the Use of Mini Program JavaScript Interpreters"

In order to further improve the security and user experience of Mini Programs, the platform currently needs to perform security testing on all Mini Programs submitted for review. During this testing, it was found that some Mini Programs use built-in JavaScript interpreters (such as eval5, estime, evil-eval, etc.) to dynamically execute JS code and hot update the Mini Program's wxml code. For Mini Programs that use interpreters, the platform will reject code review submissions starting July 6, 2022, and developers are requested to complete self-examination and repairs before July 6.

Specific violation cases

1. Dynamic code execution

A Mini Program introduces a JS interpreter module and, in a pre-embedded scenario, triggers dynamic code execution logic: it pulls the code or fields to be dynamically executed from the server backend and executes them in the JS interpreter;

2. Hot update of Mini Program page files

In the following example, a Mini Program introduces a JS interpreter module to perform a hot update of the Mini Program;

3. Other situations

Some numerical calculation Mini Programs introduce an interpreter to evaluate mathematical expressions. For numerical calculation, please use other methods, and do not use the dynamic eval code execution capability provided by the interpreter;

4. Repair guide

If a Mini Program is required to be rectified during the code review stage because it contains an interpreter, please check the corresponding files according to the code review feedback, delete the corresponding interpreter file, and resubmit the code for review;


Other FAQs

Q1: The interpreter file in the Mini Program is imported by a third-party package. How to deal with this?

A1: The platform does not allow developers to use a JS interpreter to dynamically execute code. If there is JS interpreter logic in the Mini Program code, please remove it yourself according to the details of the review rejection, or contact the dependency provider or service provider to remove it, and then submit the code for review again;

Q2: After self-checking, the submitted code still prompts that there is an interpreter. How to deal with this?

A2: Please make sure that there are no interpreter files in the submitted Mini Program code and that the JavaScript code parsing module is not used normally. If there are still problems, please submit it to customer service for review.


You are welcome to discuss what impact this move will have on the Mini Program ecosystem.
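
For the self-examination the notice asks for, including the Q1 case where a third-party package brings the interpreter in, here is an added example (not part of the notice and not the platform's detection logic) that checks a project's files for the three interpreter packages the notice names. It assumes the usual `node_modules` / `miniprogram_npm` directory layout; the sample project and the `chart-kit` package are constructed.

```javascript
// Added example, not WeChat's detection logic. Package names are the three the
// notice lists; its "etc." means the list is not exhaustive.
const INTERPRETERS = ["eval5", "estime", "evil-eval"];
// Matches require("x"), import("x"), import "x" and ... from "x".
const IMPORT_RE = /(?:require\s*\(\s*|import\s*\(\s*|from\s+|import\s+)["']([^"']+)["']/g;

// Package part of a module specifier: "@a/b/c" -> "@a/b", "x/lib/y" -> "x".
function packageOf(spec) {
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Third-party package that owns a file (assumed node_modules / miniprogram_npm layout).
function ownerOf(path) {
  const segs = path.split("/");
  const i = Math.max(segs.lastIndexOf("node_modules"), segs.lastIndexOf("miniprogram_npm"));
  return i < 0 || i + 1 >= segs.length ? "(app code)" : packageOf(segs.slice(i + 1).join("/"));
}

// files: { path: text }. Returns one finding per interpreter file, dependency or import.
function findInterpreterUse(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    const owner = ownerOf(path);
    const hit = (kind, name) => findings.push({ path, kind, name, owner });
    if (INTERPRETERS.includes(owner)) { hit("bundled-file", owner); continue; }
    if (path.endsWith("package.json")) {
      let pkg = {};
      try { pkg = JSON.parse(text) || {}; } catch (e) { /* unreadable manifest: skip it */ }
      for (const name of Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }))
        if (INTERPRETERS.includes(name)) hit("dependency", name);
    } else if (/\.(js|ts)$/.test(path)) {
      for (const m of text.matchAll(IMPORT_RE))
        if (INTERPRETERS.includes(packageOf(m[1]))) hit("import", packageOf(m[1]));
    }
  }
  return findings;
}

// Constructed sample project; "chart-kit" is a made-up third-party package.
const SAMPLE = {
  "package.json": '{"dependencies":{"chart-kit":"1.0.0"}}',
  "pages/index/index.js": 'const kit = require("chart-kit");',
  "miniprogram_npm/chart-kit/index.js": 'const interp = require("eval5");',
  "miniprogram_npm/eval5/index.js": "/* interpreter source would be here */",
  "utils/calc.js": 'import evalFn from "evil-eval";',
};
for (const f of findInterpreterUse(SAMPLE))
  console.log(`${f.kind}: ${f.name} in ${f.path} (owner: ${f.owner})`);
```

The `owner` field separates interpreter use in the app's own code from use inside a dependency, which is the case A1 says to take up with the dependency provider.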


Origin www.oschina.net/news/202586