npm
Sign UpSign In

vlsandbox
TypeScript icon, indicating that this package has built-in type declarations

2.5.4 • Public • Published

npm version

vlsandbox Scoped Sandbox

Need to run external code (e.g. Plugins) in your application, without exposing globalThis object? Try vlsandbox

const sandbox = new Sandbox(`
    alert(message);
`);

sandbox.run(); // will throw an error, as alert and message are exposed to the sandbox

sandbox.expose("alert"); // allow access to window.alert
sandbox.expose("message", "Hello World"); // pass custom variable

sandbox.run(); // will show a alert "Hello World"

Security and implications

Do NOT use this framework as a end-all-be-all solution to encapsulating external code. vlsandbox will not prevent you from exposing a objected containing a window reference! Never expose HTML-Elements to sandboxes!

You can't use the classic function declaration within sandboxes, because globalThis can be obtained as demonstrated in this example:

console.log(() => this); // will return {} or whatever you passed to run(scope?)
console.log(function() { return this }) // will return globalThis

Sponsoring and support

This project is sponsored and supported by VLVT.IN GmbH, luucy AG and inter allied crypsis / ACRYPS.

Readme

Keywords

Package Sidebar

Install

npm i vlsandbox

Repository

github.com/vlvtin/vlsandbox

Homepage

github.com/vlvtin/vlsandbox#readme

Weekly Downloads

7

Version

2.5.4

License

GPL-3.0-only

Unpacked Size

22.8 kB

Total Files

8

Last publish

Collaborators

  • levvij
Try on RunKit
Report malware