JSONPath-Plus
diff --git a/‎dist/index-es.js
Lines changed: 8 additions & 2 deletions b/‎dist/index-es.js
Lines changed: 8 additions & 2 deletions
diff --git a/‎dist/index-es.min.js
Lines changed: 1 addition & 1 deletion b/‎dist/index-es.min.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-es.min.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/index-es.min.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-umd.js
Lines changed: 8 additions & 2 deletions b/‎dist/index-umd.js
Lines changed: 8 additions & 2 deletions
diff --git a/‎dist/index-umd.min.js
Lines changed: 1 addition & 1 deletion b/‎dist/index-umd.min.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/index-umd.min.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/index-umd.min.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/jsonpath.js
Lines changed: 10 additions & 1 deletion b/‎src/jsonpath.js
Lines changed: 10 additions & 1 deletion
@@ -224,11 +224,17 @@ var vm = supportsNodeVM() ? require('vm') : {
       }
 
       return 'var ' + func + '=' + fString + ';' + s;
-    }, ''); // Remove last semi so `return` will be inserted before
+    }, '');
+    expr = funcString + expr; // Mitigate http://perfectionkills.com/global-eval-what-are-the-options/#new_function
+
+    if (!expr.match(/(["'])use strict\1/) && !keys.includes('arguments')) {
+      expr = 'var arguments = undefined;' + expr;
+    } // Remove last semi so `return` will be inserted before
     //  the previous one instead, allowing for the return
     //  of a bare ending expression
 
-    expr = (funcString + expr).replace(/;[\t-\r \xA0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF]*$/, ''); // Insert `return`
+
+    expr = expr.replace(/;[\t-\r \xA0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF]*$/, ''); // Insert `return`
 
     var lastStatementEnd = expr.lastIndexOf(';');
     var code = lastStatementEnd > -1 ? expr.slice(0, lastStatementEnd + 1) + ' return ' + expr.slice(lastStatementEnd + 1) : ' return ' + expr; // eslint-disable-next-line no-new-func
 
@@ -230,11 +230,17 @@
         }
 
         return 'var ' + func + '=' + fString + ';' + s;
-      }, ''); // Remove last semi so `return` will be inserted before
+      }, '');
+      expr = funcString + expr; // Mitigate http://perfectionkills.com/global-eval-what-are-the-options/#new_function
+
+      if (!expr.match(/(["'])use strict\1/) && !keys.includes('arguments')) {
+        expr = 'var arguments = undefined;' + expr;
+      } // Remove last semi so `return` will be inserted before
       //  the previous one instead, allowing for the return
       //  of a bare ending expression
 
-      expr = (funcString + expr).replace(/;[\t-\r \xA0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF]*$/, ''); // Insert `return`
+
+      expr = expr.replace(/;[\t-\r \xA0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF]*$/, ''); // Insert `return`
 
       var lastStatementEnd = expr.lastIndexOf(';');
       var code = lastStatementEnd > -1 ? expr.slice(0, lastStatementEnd + 1) + ' return ' + expr.slice(lastStatementEnd + 1) : ' return ' + expr; // eslint-disable-next-line no-new-func
 
@@ -72,10 +72,19 @@ const vm = supportsNodeVM()
                 return 'var ' + func + '=' + fString + ';' + s;
             }, '');
 
+            expr = funcString + expr;
+
+            // Mitigate http://perfectionkills.com/global-eval-what-are-the-options/#new_function
+            if (!expr.match(/(['"])use strict\1/u) &&
+                !keys.includes('arguments')
+            ) {
+                expr = 'var arguments = undefined;' + expr;
+            }
+
             // Remove last semi so `return` will be inserted before
             //  the previous one instead, allowing for the return
             //  of a bare ending expression
-            expr = (funcString + expr).replace(/;\s*$/u, '');
+            expr = expr.replace(/;\s*$/u, '');
 
             // Insert `return`
             const lastStatementEnd = expr.lastIndexOf(';');