2.5.4 • Published 1 year ago

vlsandbox v2.5.4

Weekly downloads
-
License
GPL-3.0-only
Repository
github
Last release
1 year ago

npm version

vlsandbox Scoped Sandbox

Need to run external code (e.g. Plugins) in your application, without exposing globalThis object? Try vlsandbox

const sandbox = new Sandbox(`
    alert(message);
`);

sandbox.run(); // will throw an error, as alert and message are exposed to the sandbox

sandbox.expose("alert"); // allow access to window.alert
sandbox.expose("message", "Hello World"); // pass custom variable

sandbox.run(); // will show a alert "Hello World"

Security and implications

Do NOT use this framework as a end-all-be-all solution to encapsulating external code. vlsandbox will not prevent you from exposing a objected containing a window reference! Never expose HTML-Elements to sandboxes!

You can't use the classic function declaration within sandboxes, because globalThis can be obtained as demonstrated in this example:

console.log(() => this); // will return {} or whatever you passed to run(scope?)
console.log(function() { return this }) // will return globalThis

Sponsoring and support

This project is sponsored and supported by VLVT.IN GmbH, luucy AG and inter allied crypsis / ACRYPS.

sandbox
espree
@everything-registry/sub-chunk-3064@infinitebrahmanuniverse/nolb-vl
2.5.4

1 year ago

2.5.2

2 years ago

2.5.3

2 years ago

2.5.0

2 years ago

2.5.1

2 years ago

2.3.0

3 years ago

2.3.2

3 years ago

2.4.0

3 years ago

2.3.1

3 years ago

2.1.1

3 years ago

2.1.0

3 years ago

2.0.1

3 years ago

2.0.0

3 years ago