https://github.com/shenfe/function-sandbox
📦 Make a "sandbox" for a function.
- Host: GitHub
- URL: https://github.com/shenfe/function-sandbox
- Owner: shenfe
- License: mit
- Created: 2018-02-13T17:28:25.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2018-02-28T03:31:45.000Z (over 8 years ago)
- Last Synced: 2025-09-20T01:51:03.970Z (9 months ago)
- Topics: function-sandbox, security
- Language: JavaScript
- Homepage:
- Size: 67.4 KB
- Stars: 8
- Watchers: 0
- Forks: 1
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README

📦 Make a sandbox for a function, **isolating the function's effects**, **blocking outer-scoped variables** (e.g. `window`, `global`) **and dangerous operations** (e.g. `eval()`, `new Function()`).
The module exports a single main function.
## Input/Output
### input (parameter)
A function or string of a function.
### output (return)
A function or string of a function.
## Installation
```bash
$ npm install --save function-sandbox
```
## Usage
### example
```js
const fnsb = require('function-sandbox');

let a = 1;
let f1 = function (b) {
    console.log(a = b + 1);
    //          ^
    console.log(c);
    //          ^
    function f() {
        console.log(d);
        console.log(e);
        //          ^
        console.log(window);
        //          ^
        console.log(global);
        //          ^
        eval('console.log("using eval()")');
        // ^
        (new Function('console.log("using new Function()")'))();
        //   ^
    }
    var F = f.constructor;
    (new F('console.log("using new Function()")'))();
    //   ^
    var d = 1;
    return f();
};

let f2 = fnsb(f1, true); // `f2` is function
f2(1); // => 2 undefined 1 undefined {} {}
console.log(a); // => 1

let f3 = fnsb(f1); // `f3` is string
```
Now `f3` is a **string** containing the wrapped function:
```
"function () { var window = {}, global = {}, process = {}, Function = function () { return function () {} }, eval = function () {}; return (function (b) {
'use strict';
var a, c, e;
... Here is the original function body ...
}).apply(null, arguments); }"
```
### options
The second parameter is optional and can be either a Boolean or an Object. When it is `true`, the main function returns a function instead of a string. When it is an object, it can set the following properties:
| property | value | example |
| :---: | :--- | :---: |
| asFunction | Boolean, whether to return a function or a string. | `true` |
| whiteList | Array, a list of variable names not to be blocked. | `['$']` `['Promise', 'JSON']` |
| injection | Object, a map from variable name to value. | `{ a: 1, b: function (x) { return x * x; } }` |
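The wrapper shape visible in the `f3` string, combined with the `whiteList` and `injection` options, as an added example that is not the project's own code. `STUBS`, `shadowWrap` and `probe` are hypothetical names, and the sketch only shadows the five names in the `f3` prelude; it does not perform the free-variable handling (`var a, c, e;`) that the real output shows.

```javascript
// Added illustration, not function-sandbox's source. STUBS and shadowWrap are
// hypothetical names; only the five names in the `f3` prelude are shadowed.
const STUBS = {
  window: '{}',
  global: '{}',
  process: '{}',
  Function: 'function () { return function () {} }',
  eval: 'function () {}',
};

function shadowWrap(fn, { whiteList = [], injection = {} } = {}) {
  const injected = Object.keys(injection);
  // Shadow each stubbed name unless it is whitelisted or supplied by `injection`.
  const decls = Object.keys(STUBS)
    .filter((name) => !whiteList.includes(name) && !injected.includes(name))
    .map((name) => `${name} = ${STUBS[name]}`);
  const prelude = decls.length ? `var ${decls.join(', ')}; ` : '';
  // Serializing `fn` drops its closure; the copy resolves names in the wrapper first.
  const source = `function () { ${prelude}return (${fn}).apply(null, arguments); }`;
  // Injected values are parameters of an outer factory, so they are in scope by name.
  const factory = new Function(...injected, `return ${source};`);
  return { source, run: factory(...injected.map((name) => injection[name])) };
}

// Constructed sample: reports what is reachable from inside the wrapper.
function probe() {
  return {
    processKeys: Object.keys(process).length,
    evalResult: eval('1 + 1'),
    square: typeof sq === 'function' ? sq(3) : null,
  };
}

const blocked = shadowWrap(probe);
const relaxed = shadowWrap(probe, {
  whiteList: ['eval'],
  injection: { sq: function (x) { return x * x; } },
});

console.log(blocked.source);
console.log(blocked.run(), relaxed.run());
```

With the defaults, `process` is an empty object and `eval` is a no-op; whitelisting `eval` leaves the real one reachable, which is why every `whiteList` entry should be reviewed as a deliberate grant.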
## More Related
* The [Function](http://www.ecma-international.org/ecma-262/5.1/#sec-15.3.2) in JavaScript.
* Node.js [vm](https://nodejs.org/api/vm.html).
* [Web Worker](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API).
## License
[MIT](http://opensource.org/licenses/MIT)
Copyright © 2018-present, [shenfe](https://github.com/shenfe)