MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Block certain browser API's when executing JS in the browser

This commit is contained in:
Andrew Kingston 2021-10-14 12:02:34 +01:00
parent 01dfef735f
commit 29d58f08c1
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/string-templates/src/helpers/javascript.js
View File

@ -39,12 +39,7 @@ module.exports.processJS = (handlebars, context) => {
const js = `function run(){${atob(handlebars)}};run();` const js = `function run(){${atob(handlebars)}};run();`
// Our $ context function gets a value from context // Our $ context function gets a value from context
const sandboxContext = { const sandboxContext = { $: path => getContextValue(path, context) }
$: path => getContextValue(path, context),
alert: undefined,
setInterval: undefined,
setTimeout: undefined,
}
// Create a sandbox with out context and run the JS // Create a sandbox with out context and run the JS
return runJS(js, sandboxContext) return runJS(js, sandboxContext)

6
packages/string-templates/src/index.mjs
View File

@ -20,6 +20,12 @@ export const processObject = templates.processObject
* Use polyfilled vm to run JS scripts in a browser Env * Use polyfilled vm to run JS scripts in a browser Env
*/ */
setJSRunner((js, context) => { setJSRunner((js, context) => {
context = {
...context,
alert: undefined,
setInterval: undefined,
setTimeout: undefined,
}
vm.createContext(context) vm.createContext(context)
return vm.runInNewContext(js, context, { timeout: 1000 }) return vm.runInNewContext(js, context, { timeout: 1000 })
}) })