@mjourard/js-sandbox v0.1.0

js-sandbox

A script for sandboxing a page such that all non-whitelisted urls and domains http requests are logged to the defined server.

All urls and domains on the blacklist will have their requests sent to the defined server and then cancelled.

Why

The world is built on partnerships, and the internet is no different. Many web pages will use 3rd party pixels and plugins to better capture and utilize the data of their customers. Many of those 3rd party packages will give you a script tag which downloads the source of the package on every request.

It can be very hard to detect if these packages are distributing malicious code if they do it very infrequently, say on every 1000th request. For this, you can put your page in a "sandbox" which logs all 3rd party requests for you to then inspect and if necessary, take appropriate action.

Usage

Installation

Example Logged Request

Development

Testing

TODO: read this article for how to test that network requests are not being made https://blog.shapesecurity.com/2018/09/17/intercepting-and-modifying-responses-with-chrome-via-the-devtools-protocol/

TODO: read this article for publishing an npm package https://www.freecodecamp.org/news/how-to-make-a-beautiful-tiny-npm-package-and-publish-it-2881d4307f78/

Deployment