Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/acryps/vlsandbox
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/acryps/vlsandbox
- Owner: acryps
- Created: 2021-09-20T16:35:05.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2022-12-15T10:01:59.000Z (almost 2 years ago)
- Last Synced: 2024-11-06T17:06:03.445Z (9 days ago)
- Language: TypeScript
- Size: 29.3 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
[![npm version](http://badge.acryps.com/npm/vlsandbox)](http://badge.acryps.com/go/npm/vlsandbox)
# vlsandbox Scoped Sandbox
Need to run external code (e.g. plugins) in your application without exposing the `globalThis` object? Try vlsandbox.

```
const sandbox = new Sandbox(`
	alert(message);
`);

sandbox.run(); // will throw an error, as alert and message are not exposed to the sandbox

sandbox.expose("alert"); // allow access to window.alert
sandbox.expose("message", "Hello World"); // pass custom variable

sandbox.run(); // will show an alert "Hello World"
```

## Security and implications
> Do NOT use this framework as an end-all-be-all solution to encapsulating external code. vlsandbox will not prevent you from exposing an object containing a window reference! Never expose HTML elements to sandboxes!

You can't use the classic function declaration within sandboxes, because `globalThis` can be obtained as demonstrated in this example:
```
console.log(() => this); // will return {} or whatever you passed to run(scope?)
console.log(function() { return this }) // will return globalThis
```

## Sponsoring and support
This project is sponsored and supported by [VLVT.IN GmbH](https://vlvt.in), [luucy AG](https://luucy.ch) and [inter allied crypsis / ACRYPS](https://acryps.com).
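
The `this` behaviour described under "Security and implications" above, as an added example that is not part of the vlsandbox README or its code. `runScoped` and `leaksGlobal` are hypothetical helpers that assume sandboxed source is compiled with `new Function` and called with `this` bound to the scope object; how vlsandbox itself does this is not shown on this page.

```javascript
// Hypothetical runner (assumption, not vlsandbox's implementation):
// compile the source as a function body and call it with `this` = scope.
function runScoped(source, scope = {}, strict = false) {
  const body = (strict ? '"use strict";\n' : '') + source;
  return new Function(body).call(scope);
}

// Constructed scope object, standing in for what a host would pass to run(scope).
const scope = { message: "Hello World" };

// The classic function expression from the README, called without a receiver.
const CLASSIC = 'return (function () { return this })();';
// The arrow function from the README, called immediately.
const ARROW = 'return (() => this)();';

// Arrow functions take `this` lexically from the enclosing body: the scope object.
function arrowThis() {
  return runScoped(ARROW, scope);
}

// In sloppy mode a receiver-less call of a classic function gets globalThis
// substituted for `this`, so the bound scope is bypassed.
function classicThisSloppy() {
  return runScoped(CLASSIC, scope);
}

// With a "use strict" directive the same call leaves `this` undefined.
// This closes only the path shown here; it is not complete containment.
function classicThisStrict() {
  return runScoped(CLASSIC, scope, true);
}

// Regression check a host could keep in its test suite:
// does running `source` hand back the real global object?
function leaksGlobal(source, strict = false) {
  return runScoped(source, {}, strict) === globalThis;
}
```
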