MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent executing JS bindings when running in a Node env

This commit is contained in:
Andrew Kingston 2021-10-13 14:37:14 +01:00
parent 6619a16caf
commit aa150989bd
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
packages/string-templates/src/helpers/javascript.js
View File

@ -39,13 +39,23 @@ const atob = base64 => {
// Evaluates JS code against a certain context // Evaluates JS code against a certain context
module.exports.processJS = (handlebars, context) => { module.exports.processJS = (handlebars, context) => {
// Do not evaluate JS in a node environment
if (typeof window === "undefined") {
return "JS bindings are not executed in a Node environment"
}
try { try {
// Wrap JS in a function and immediately invoke it. // Wrap JS in a function and immediately invoke it.
// This is required to allow the final `return` statement to be valid. // This is required to allow the final `return` statement to be valid.
const js = `function run(){${atob(handlebars)}};run();` const js = `function run(){${atob(handlebars)}};run();`
// Our $ context function gets a value from context // Our $ context function gets a value from context
const sandboxContext = { $: path => getContextValue(path, context) } const sandboxContext = {
$: path => getContextValue(path, context),
alert: undefined,
setInterval: undefined,
setTimeout: undefined,
}
// Create a sandbox with out context and run the JS // Create a sandbox with out context and run the JS
vm.createContext(sandboxContext) vm.createContext(sandboxContext)