Prevent executing JS bindings when running in a Node env
This commit is contained in:
parent
4cd8171a91
commit
0dfa108ef5
|
@ -39,13 +39,23 @@ const atob = base64 => {
|
||||||
|
|
||||||
// Evaluates JS code against a certain context
|
// Evaluates JS code against a certain context
|
||||||
module.exports.processJS = (handlebars, context) => {
|
module.exports.processJS = (handlebars, context) => {
|
||||||
|
// Do not evaluate JS in a node environment
|
||||||
|
if (typeof window === "undefined") {
|
||||||
|
return "JS bindings are not executed in a Node environment"
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Wrap JS in a function and immediately invoke it.
|
// Wrap JS in a function and immediately invoke it.
|
||||||
// This is required to allow the final `return` statement to be valid.
|
// This is required to allow the final `return` statement to be valid.
|
||||||
const js = `function run(){${atob(handlebars)}};run();`
|
const js = `function run(){${atob(handlebars)}};run();`
|
||||||
|
|
||||||
// Our $ context function gets a value from context
|
// Our $ context function gets a value from context
|
||||||
const sandboxContext = { $: path => getContextValue(path, context) }
|
const sandboxContext = {
|
||||||
|
$: path => getContextValue(path, context),
|
||||||
|
alert: undefined,
|
||||||
|
setInterval: undefined,
|
||||||
|
setTimeout: undefined,
|
||||||
|
}
|
||||||
|
|
||||||
// Create a sandbox with out context and run the JS
|
// Create a sandbox with out context and run the JS
|
||||||
vm.createContext(sandboxContext)
|
vm.createContext(sandboxContext)
|
||||||
|
|
Loading…
Reference in New Issue