wrapeval

wrap eval in sanbox

Usage no npm install needed!

<script type="module">
  import wrapeval from 'https://cdn.skypack.dev/wrapeval';
</script>

README

NO WARRANT WARNING

  • Use at your own risk !

wrapeval

  • wrap eval in sanbox;
  • suggest to compile function and use later for performance
require('wrapeval')(`
console.log(Math.random())
`,{ console })

escape/hack cases

(function(){return this}())
this.constructor.constructor("return process")()
(function(){return this.constructor.constructor("return process")()}())
delete constructor.constructor;delete constructor;constructor.constructor('return process')()
delete constructor;constructor.constructor('return process')()
delete constructor;(function(){return this.constructor.constructor("return process")()}())

ref

http://perfectionkills.com/global-eval-what-are-the-options/#how_eval_works