• Stars
    star
    190
  • Rank 203,739 (Top 5 %)
  • Language
    JavaScript
  • License
    Other
  • Created over 15 years ago
  • Updated almost 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A JavaScript sandboxing library that uses web worker threads

DISCONTINUED - Not safe; Do not use

JSandbox

Version 0.2.3

JSandbox is an open source JavaScript sandboxing library that makes use of HTML5 web workers. JSandbox makes it possible to run untrusted JavaScript without having to worry about any potential dangers.

Getting Started

  1. Download JSandbox.
  2. Include <link rel="jsandbox" href="path/to/jsandbox-worker.js" /> anywhere in your document. I recommend putting it in the document's <head>.
  3. Place <script type="text/javascript" src="path/to/jsandbox.js"></script> anywhere after the <link> tag.
  4. Read the API documentation below.

Example Code

This example code demonstrates the JSandbox API.

Tested Working Browsers

  • Firefox 3.5+
  • Google Chrome 4+

API

Worker script location

Instead of using a <link> tag, you may define JSandbox.url to specify the location of the JSandbox worker script.

Methods

All of these methods can be accessed on the JSandbox constructor (in one-use sandboxes) and JSandbox instances:

eval(options)
eval()s options.data. If options.callback is a function, it is passed the results as long as no errors occur. If options.onerror is a function and an error occurs, it is passed the error object. The code is eval()ed in a top-level pseudo-function-scope. If you define a variable using a var statement, the variable is private to the eval. this is still the global object. If this method is called on JSandbox, the JSandbox object is returned. Otherwise, the ID of the request is returned.
exec(options)
Executes code in a faster method than eval, but does not pass a return value to the callback function (though the function is still called if defined). Unlike eval, the code is run in the global scope (var statements affect this).
load(options)
If options.data is a string, options.data will attempt to be loaded in the sandbox. If options.data is an array, every string it contains will attempt be loaded. If options.onerror is a function and an error is thrown while parsing a script or a script could not be resolved, options.onerror is passed the error object. Otherwise, options.callback is called when the scripts are finished loading.

Instance-only methods

These methods can only be on JSandbox instances:

abort(requestID)
Aborts a pending request with the ID, requestID.
terminate()
Terminates the worker thread and any pending requests are aborted. You cannot use the JSandbox instance on which you called this method after it is called.

options object

The following are all of the properties that may be included in an options object.

data [Required]
In the case of eval and exec, it is the code to execute. In the case of load, it is an array of the script(s) to load. If you only need to load one script, just pass a string instead.
input
The input data available to the code via the input variable. The input should be JSON-convertible.
callback
The callback to pass the return value of the executed code if no exceptions were thrown.
onerror
The callback to pass an exception if one is thrown upon executing the code.

Alternative syntax

Any method that takes an options object can also be called using the following positional-arguments syntax:

someMethod(data [, callback] [, input] [, onerror]);

The global JSandbox object can also be referenced as Sandbox.

Tracking image

More Repositories

1

FileSaver.js

An HTML5 saveAs() FileSaver implementation
JavaScript
20,738
star
2

Blob.js

An HTML5 Blob implementation
JavaScript
1,141
star
3

classList.js

Cross-browser element.classList
JavaScript
1,105
star
4

canvas-toBlob.js

A canvas.toBlob() implementation
JavaScript
657
star
5

l10n.js

Passive localization JavaScript library
JavaScript
392
star
6

color.js

Color management JavaScript libary
JavaScript
157
star
7

async-document-write

An asynchronous document.write implementation
JavaScript
65
star
8

pmxdr

Cross-domain XHR using postMessage
JavaScript
63
star
9

voice-search

Chrome extension for searching by speaking.
JavaScript
48
star
10

async.js

async/await before promises. async.js facilitates asynchronous actions ('promises') with synchronous-style syntax
JavaScript
41
star
11

timer.js

High-precision JavaScript timer
JavaScript
37
star
12

Xccessors

Xccessors (cross-browser accessors) is a JavaScript shim that implements the legacy or standard methods for defining and looking up accessors (getters and setters) of objects.
JavaScript
36
star
13

RetargetMouseScroll

A JavaScript library for retargetting mouse scroll events.
HTML
35
star
14

libxdr

A library that implements a cross-browser XDR constructor
JavaScript
27
star
15

hotlink.js

Hide image referrers
JavaScript
26
star
16

jData-host

jData host JavaScript library.
JavaScript
18
star
17

mumbl

A JavaScript library that abstracts audio-playing functionality of HTML5, Songbird, and SoundManager 2 for use in music playlists
JavaScript
17
star
18

tinylog

A minimalistic logging platform
JavaScript
17
star
19

reddit-bots

A collection of various reddit bots.
Python
17
star
20

emoji-favicon-toolkit

Emoji Favicon Toolkit - Set your favicon to emoji using canvas & cache as /favicon.ico with service workers
TypeScript
15
star
21

e4x.js

Implementation of all of the optional features in the ECMA-357 specification.
JavaScript
13
star
22

subscribe.js

An easy-to-use and highly extensible client-side notification-based feed reader Service Worker (coming soon!)
JavaScript
11
star
23

mutaprophylaxis

Methods for preventing unauthorized DOM mutations
JavaScript
10
star
24

code.eligrey.com-archive

Archive of code.eligrey.com
JavaScript
8
star
25

attrs

JavaScript 1.6+ library for setting DOM element attributes
JavaScript
7
star
26

chrome-enhanced-font-smoothing

Chrome extension that that improves font smoothing on Windows
CSS
6
star
27

CiteDrag

CiteDrag automatically cites data dragged from one website to a normal text input (ie. input type="text", textarea) or rich text input field (ie. Microsoft Word, contenteditable HTML elements, your blogging platform, etc.)
JavaScript
5
star
28

BlobBuilder.js

Moved to https://github.com/eligrey/Blob.js
4
star
29

js-iterators

A collection of iterator and generator-related JavaScript scripts.
JavaScript
4
star
30

mixest-downloader

Adds download functionality to mixest.com.
JavaScript
3
star
31

http-index-format-automator

Generates application/http-index-format for directory listings
PHP
3
star
32

jil

jData Interface Library (client JavaScript library)
JavaScript
3
star
33

myrandom.js

reddit's paywalled myrandom button, for everyone
JavaScript
2
star
34

e4x-array-methods.js

A JavaScript library that implements array methods for E4X XML. Intended for making XML easier to use with server-side JavaScript.
JavaScript
2
star
35

docswap

DOM document replacement tools
TypeScript
1
star
36

clipvertise

Use the clipboard for ads or something
1
star
37

speculative-request-control

Speculative Request Control explainer
Bikeshed
1
star