Block certain browser API's when executing JS in the browser

2021-10-14 12:02:34 +01:00 · 2021-10-14 12:02:34 +01:00 · 1bd0897fd8
parent 403f64d1ac
commit 1bd0897fd8
2 changed files with 7 additions and 6 deletions
--- a/packages/string-templates/src/helpers/javascript.js
+++ b/packages/string-templates/src/helpers/javascript.js
@ -39,12 +39,7 @@ module.exports.processJS = (handlebars, context) => {
    const js = `function run(){${atob(handlebars)}};run();`

    // Our $ context function gets a value from context
-    const sandboxContext = {
-      $: path => getContextValue(path, context),
-      alert: undefined,
-      setInterval: undefined,
-      setTimeout: undefined,
-    }
+    const sandboxContext = { $: path => getContextValue(path, context) }

    // Create a sandbox with out context and run the JS
    return runJS(js, sandboxContext)
--- a/packages/string-templates/src/index.mjs
+++ b/packages/string-templates/src/index.mjs
@ -20,6 +20,12 @@ export const processObject = templates.processObject
 * Use polyfilled vm to run JS scripts in a browser Env
 */
 setJSRunner((js, context) => {
+  context = {
+    ...context,
+    alert: undefined,
+    setInterval: undefined,
+    setTimeout: undefined,
+  }
  vm.createContext(context)
  return vm.runInNewContext(js, context, { timeout: 1000 })
 })