Skip to content
/ jailedEval Public

Simple function that provides the ability to safely 'eval' javascript code without access to the global context

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pseudosavant/jailedEval

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
example
example
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
jailedEval.sln
jailedEval.sln
 
 

Repository files navigation

jailedEval

by Paul Ellis

What does jailedEval do?

It allows you to safely run/eval javascript code without allowing access to the global context (window, document, etc).

But isn't eval bad?

Yes, eval is bad. But it is mostly bad just because you shouldn't allow untrusted code to access any of your page's or user's data (e.g. the global context). This script allows you to eval code, but only with a restricted set of global properties.

What global properties are accessible?

You can easily change the 'allowed' global properies in the allowed array. By default it only allows these properties:

  • RegExp
  • Math
  • Array
  • Object
  • JSON
  • Number
  • parseInt
  • parseFloat

Example usage

ps.utils.jailedEval('var a = 2; a += 2; return a;'); // Returns 4

ps.utils.jailedEval('return document;'); // Returns undefined

var code = '\
	var a = Math.PI; \
	a *= Math.PI; \
	return Math.pow(a, 0.5);\
';
ps.utils.jailedEval(code); // Returns 3.141592653589793

License

BSD

About

Simple function that provides the ability to safely 'eval' javascript code without access to the global context

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages