@locker/sandbox

Locker sandboxing library

Usage no npm install needed!

<script type="module">
  import lockerSandbox from 'https://cdn.skypack.dev/@locker/sandbox';
</script>

README

@locker/sandbox

Locker sandboxing library

Installation

$ yarn add @locker/sandbox

Usage

The evaluateInSandbox() function:

import { evaluateInSandbox } from '@locker/sandbox';

let sandboxed;
// Evaluate source text in a sandbox using
// `evaluateInSandbox(key, sourceText, context, endowments)`. The function has
// no return value.
evaluateInSandbox(
    // The key of the sandbox to evaluate source text in. One sandbox is created
    // per key regardless of the number of calls to `evaluateInSandbox()`.
    'sandbox',
    // The source text to evaluate in the sandbox.
    `$lockerEvalContext$(${
        // Function body to coerce to a string. Using a function and coercing
        // it to a string has the benefit of working with minifiers.
        function () {
            // Call to a provided endowment value.
            logger('inside sandbox');
            // Other code to sandbox...
        }
    })`,
    // The value of the optional sandbox context binding `$lockerEvalContext

	
		
		
		
		
		
		
		
	npm:@locker/sandbox | Skypack
	
		
		
		
		
    // that may be used to initialize sandboxed code. The binding can be an object,
    // function, or anything else. The `$lockerEvalContext

	
		
		
		
		
		
		
		
	npm:@locker/sandbox | Skypack
	
		
		
		
		 binding can only be
    // accessed a once per sandbox evaluation and is set to `undefined` after
    // the synchronous sandbox evaluation.
    (def) => {
        sandboxed = def;
    },
    // The optional endowments object whose property descriptors are used to
    // define properties on the sandboxed global object. Behind the scenes the
    // `$lockerEvalContext

	
		
		
		
		
		
		
		
	npm:@locker/sandbox | Skypack
	
		
		
		
		 is defined using the same endowments feature.
    { logger: console.log.bind(console) }
);