--disallow-code-generation-from-strings is ignored since versions 16.17 and 18.6

[Recursing]

Version

v18.7.0, v18.6.0, v16.17.0

Platform

18.04.1-Ubuntu SMP and Darwin Kernel Version 20.6.0

What steps will reproduce the bug?

$ node --disallow-code-generation-from-strings
Welcome to Node.js v16.17.0.
Type ".help" for more information.
> eval("1+2")
3

What is the expected behavior?

The expected behavior is:

"built-in language features like eval and new Function that generate code from strings throw an exception instead."

As per the documentation

Like in node 16.16:

$ node --disallow-code-generation-from-strings
Welcome to Node.js v16.16.0.
Type ".help" for more information.
> eval("1+2")
Uncaught EvalError: Code generation from strings disallowed for this context

What do you see instead?

$ node --disallow-code-generation-from-strings                                                   09:34
Welcome to Node.js v18.7.0.
Type ".help" for more information.
> eval("1+2")
3

Additional information

Has the flag been deprecated? Is there a new flag we can use? I couldn't find any documentation about this change.

It works correctly in versions 16.16 and 18.5, but seems ignored in versions 16.17, 18.6, and 18.7.

[targos]

I suspect 02eb10b

/cc @legendecas

[legendecas]

Looks like we'll need to restore the default value set in v8: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/init/bootstrapper.cc;l=6511?q=FLAG_disallow_code_generation_from_strings. I'll submit a fix for this. Thank you for reporting this.