UNPKG

@stevenleep/sandbox

Version:

A powerful JavaScript sandbox library that provides multiple sandbox implementation options for safely executing untrusted code in browser environments.

65 lines (52 loc) 2.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// Demo of completely isolated sandbox usage import { getBestSandboxType, createSandbox } from '@stevenleep/sandbox'; // Get the best available sandbox type for the current environment const sandboxType = getBestSandboxType(); console.log(`Using sandbox type: ${sandboxType}`); // Create a sandbox with maximum isolation const sandbox = createSandbox(sandboxType, { name: "isolated-sandbox", // List properties that should be restricted from modification blacklist: [ 'localStorage', 'sessionStorage', 'indexedDB', 'openDatabase', 'WebSocket', 'XMLHttpRequest', 'fetch', 'document' ], // Enforce strict mode for full isolation strictMode: true, }); console.log("Sandbox created:", sandbox.name); // Define a global variable before activating the sandbox (window as any).___outsideVar = "I'm defined outside the sandbox"; console.log("Global variable before sandbox:", (window as any).___outsideVar); // Activate the sandbox before using it sandbox.activate(); // Execute some test code in the sandbox sandbox.execScript(` // This should be contained within the sandbox window.___testVariable = "I'm isolated in the sandbox"; console.log("Hello from the sandbox!"); // This shouldn't modify the real window's property window.___outsideVar = "Modified inside sandbox"; console.log("Outside variable accessed inside sandbox:", window.___outsideVar); `); // Verify that variables defined in the sandbox are accessible within the sandbox const sandboxResult = sandbox.execScript(` console.log("Sandbox variable value:", window.___testVariable); return { insideVar: window.___testVariable, outsideVarSandboxView: window.___outsideVar }; `); console.log("Result from sandbox execution:", sandboxResult); // Verify complete isolation from the global window console.log("Global ___testVariable (should be undefined):", (window as any).___testVariable); console.log("Global ___outsideVar (should be unchanged):", (window as any).___outsideVar); // Clean up when finished sandbox.deactivate(); sandbox.destroy();