Block certain browser API's when executing JS in the browser

This commit is contained in:
Andrew Kingston 2021-10-14 12:02:34 +01:00
parent 01dfef735f
commit 29d58f08c1
2 changed files with 7 additions and 6 deletions

View File

@ -39,12 +39,7 @@ module.exports.processJS = (handlebars, context) => {
const js = `function run(){${atob(handlebars)}};run();`
// Our $ context function gets a value from context
const sandboxContext = {
$: path => getContextValue(path, context),
alert: undefined,
setInterval: undefined,
setTimeout: undefined,
}
const sandboxContext = { $: path => getContextValue(path, context) }
// Create a sandbox with out context and run the JS
return runJS(js, sandboxContext)

View File

@ -20,6 +20,12 @@ export const processObject = templates.processObject
* Use polyfilled vm to run JS scripts in a browser Env
*/
setJSRunner((js, context) => {
context = {
...context,
alert: undefined,
setInterval: undefined,
setTimeout: undefined,
}
vm.createContext(context)
return vm.runInNewContext(js, context, { timeout: 1000 })
})