diff --git a/src/browser/index.jsx b/src/browser/index.jsx
index a8690932..6238c1c0 100644
--- a/src/browser/index.jsx
+++ b/src/browser/index.jsx
@@ -1,5 +1,9 @@
 'use strict';
 
+window.eval = global.eval = function() {
+  throw new Error("Sorry, Mattermost does not support window.eval() for security reasons.");
+}
+
 const React = require('react');
 const ReactDOM = require('react-dom');
 const ReactBootstrap = require('react-bootstrap');
@@ -417,7 +421,7 @@ var MattermostView = React.createClass({
     // Need to keep webview mounted when failed to load.
     return (<div>
               { errorView }
-              <webview id={ this.props.id } className="mattermostView" style={ this.props.style } preload="webview/mattermost.js" src={ this.props.src } ref="webview"></webview>
+              <webview id={ this.props.id } className="mattermostView" style={ this.props.style } preload="webview/mattermost.js" src={ this.props.src } ref="webview" nodeintegration="false"></webview>
             </div>);
   }
 });
diff --git a/test/specs/security_test.js b/test/specs/security_test.js
index 1766e083..b6d334df 100644
--- a/test/specs/security_test.js
+++ b/test/specs/security_test.js
@@ -76,5 +76,14 @@ describe('application', function() {
         });
       }, 5000, 'expected a new window')
       .windowByIndex(3).isNodeEnabled().should.eventually.be.false;
-  })
+  });
+
+  it('should NOT be able to call eval in any window', function() {
+    env.addClientCommands(this.app.client);
+    const client = this.app.client;
+    return this.app.client
+      .windowByIndex(1) // in the first webview
+      .eval()
+      .should.be.rejected;
+  });
 });