iframe-sandbox v4.0.1
Iframe Sandbox
Don't assume this is a perfect sandbox. Infinite loops will crash the main page. See this thread.
usage
var IframeSandbox = require('iframe-sandbox')
IframeSandbox({ container: document.body }, function(err, sandbox){
console.log('ready')
sandbox.eval('1+2', function(err, result){
console.log('eval:',result)
})
})config
All config options are passed to iframe.
See here for iframe config options.
var opts = {
container: document.body,
src: urlOfBootstrappedIframe,
}
IframeSandbox(opts, cb)Bootstrapped iframe
To use a hosted, bootstrapped iframe, specify the url as the src config option.
See here for more about using a bootstrapped iframe.
methods
eval
Evals js in the sandbox's context. Calls the callback with the error (as a string) or the result.
sandbox.eval( jsString, function(err, result){ /* ... */ } )createWriteStream
Creates a WriteStream that writes to the document via document.write.
Note: scripts written to the DOM wont be run until 'document.close()' is called,
triggered by the end of the stream.
var ws = sandbox.createWriteStream()
somewhereAwesome.pipe(ws)'message' event
Inside the sandbox context there is an extra exposed global sandboxMessage that will re-materialize objects in the main context and handle cross-context callbacks via dnode.
Listen to the 'message' event in the main context to receive the messages
sandbox.on('message', function(arg1, arg2, ...){
console.log(arguments)
})
sandbox.eval('sandboxMessage("hello", "world")')notes
Writing external script tags to the document does not seem to work.
The following will not load bundle.js.
var ws = sandbox.createWriteStream()
ws.write('<script src="bundle.js"></script>')
ws.end()