Pavel (Pasha) Lechenko
Pavel (Pasha) Lechenko
PostsComments
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
even cooler: 
const xxx = new Function(
  '$',
  [...Object.getOwnPropertyNames(globalThis)],
  `const z = [];
  for(const k of this.b) z.push(-k);
  $.log('\\n\\nHello Console!\\n\\n');
  return {
    self: self,
    globalThis: globalThis,
    Deno: Deno,
    crypto: crypto,
    Object: Object,
    String: String,
    Array: Array,
    this: this,
    'this.a.toUpperCase()': this.a.toUpperCase(),
    'this.b.filter(v => v > 2)': this.b.filter(v => v > 2),
    'z': z}`
  ).bind(
    { a : "QWErty",
      b : [ 1, 2, 3, 4, 3, 2, 1 ]
    })
  ({log:console.log});

console.log('xxx', xxx)
const xxx = new Function(
  '$',
  [...Object.getOwnPropertyNames(globalThis)],
  `const z = [];
  for(const k of this.b) z.push(-k);
  $.log('\\n\\nHello Console!\\n\\n');
  return {
    self: self,
    globalThis: globalThis,
    Deno: Deno,
    crypto: crypto,
    Object: Object,
    String: String,
    Array: Array,
    this: this,
    'this.a.toUpperCase()': this.a.toUpperCase(),
    'this.b.filter(v => v > 2)': this.b.filter(v => v > 2),
    'z': z}`
  ).bind(
    { a : "QWErty",
      b : [ 1, 2, 3, 4, 3, 2, 1 ]
    })
  ({log:console.log});

console.log('xxx', xxx)
This returns: 
Hello Console!


xxx {
  self: undefined,
  globalThis: undefined,
  Deno: undefined,
  crypto: undefined,
  Object: undefined,
  String: undefined,
  Array: undefined,
  this: {
    a: "QWErty",
    b: [
      1, 2, 3, 4,
      3, 2, 1
    ]
  },
  "this.a.toUpperCase()": "QWERTY",
  "this.b.filter(v => v > 2)": [ 3, 4, 3 ],
  z: [
    -1, -2, -3, -4,
    -3, -2, -1
  ]
}
Hello Console!


xxx {
  self: undefined,
  globalThis: undefined,
  Deno: undefined,
  crypto: undefined,
  Object: undefined,
  String: undefined,
  Array: undefined,
  this: {
    a: "QWErty",
    b: [
      1, 2, 3, 4,
      3, 2, 1
    ]
  },
  "this.a.toUpperCase()": "QWERTY",
  "this.b.filter(v => v > 2)": [ 3, 4, 3 ],
  z: [
    -1, -2, -3, -4,
    -3, -2, -1
  ]
}
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
poor-man's expression evaluator 🤣
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
@lino-levan Here is a dirty trick: 
console.log(
  new Function(
    [...Object.getOwnPropertyNames(globalThis)], 
    `const z = []; 
    for(const k of this.b) z.push(-k); 
    return [
      self,
      globalThis, 
      Deno, 
      crypto, 
      Object, 
      String, 
      Array,
      this, 
      this.a.toUpperCase(), 
      this.b.filter(v => v > 2), 
      z]`
    ).bind(
      { a : "QWErty", 
        b : [ 1, 2, 3, 4, 3, 2, 1 ]
      })
    .call()
    )
console.log(
  new Function(
    [...Object.getOwnPropertyNames(globalThis)], 
    `const z = []; 
    for(const k of this.b) z.push(-k); 
    return [
      self,
      globalThis, 
      Deno, 
      crypto, 
      Object, 
      String, 
      Array,
      this, 
      this.a.toUpperCase(), 
      this.b.filter(v => v > 2), 
      z]`
    ).bind(
      { a : "QWErty", 
        b : [ 1, 2, 3, 4, 3, 2, 1 ]
      })
    .call()
    )
This undefines all members of globalThis and allows access only to this
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
Thank you. Sounds like dirty workaround.
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
In nodejs there is another option to run some code in restricted sandbox - use vm (https://nodejs.org/api/vm.html). In Deno I get: 
~$ deno
Deno 1.40.3
exit using ctrl+d, ctrl+c, or close()
REPL is running with all permissions allowed.
To specify permissions, run `deno repl` with allow flags.
> import vm from 'node:vm'
undefined
> vm.runInNewContext('a',{a:123})
Uncaught ReferenceError: a is not defined
    at <anonymous>:1:1
> const ctx = vm.createContext({a:123})
Uncaught Error: Not implemented: createContext
    at notImplemented (ext:deno_node/_utils.ts:9:9)
    at Object.createContext (node:vm:33:3)
    at <anonymous>:1:37
>
~$ deno
Deno 1.40.3
exit using ctrl+d, ctrl+c, or close()
REPL is running with all permissions allowed.
To specify permissions, run `deno repl` with allow flags.
> import vm from 'node:vm'
undefined
> vm.runInNewContext('a',{a:123})
Uncaught ReferenceError: a is not defined
    at <anonymous>:1:1
> const ctx = vm.createContext({a:123})
Uncaught Error: Not implemented: createContext
    at notImplemented (ext:deno_node/_utils.ts:9:9)
    at Object.createContext (node:vm:33:3)
    at <anonymous>:1:37
>
Are there any plans to implement/support this?
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
A simple scenario/use-case - I want to allow my users to evaluate their ts/js script snippets in context of my object(s).
16 replies
DDeno
Created by Pavel (Pasha) Lechenko on 2/12/2024 in #help
How to restrict global scope in dynamically created function?
Got it. Would be nice to see it in the roadmap 😉
16 replies