Node dies with unhandled exception on jailed plugin syntax error about jailed HOT 19 CLOSED

(please note that the plugin is submitted by users, and can have a syntax error)

from jailed.

Would it help, if you execute user's code in a try-catch block?

Have a look on how it's implemented in this demo and how it reacts to a syntax error in a user's provided code:

http://asvd.github.io/jailed/demos/web/console/

from jailed.

The problem is that I need to call functions on the user code / plugin . Evaluating the user block won't work.

Also, if you specify, for example function(a) { return 'a' } in the Web Console, it returns Unexpected token (

from jailed.

But can you maybe call those functions in try-catch block? What would happen then?

Also, if you specify, for example function(a) { return 'a' } in the Web Console, it returns Unexpected token (

Same happens if you run that code in Chrome Dev-tools. To make it work, you can add an assignment:

b = function(a) { return 'a' }

from jailed.

(what I'm doing now is something like):

var log
  , except
  , action
  , next
  , parameters = {}
  , staticData = {}
  , initException = null
  , indexedDB = null
  , location = null
  , navigator = null
  , onerror = null
  , onmessage = null
  , performance = null
  , self = null
  , webkitIndexedDB = null
  , postMessage = null
  , close = null
  , openDatabase = null
  , openDatabaseSync = null
  , webkitRequestFileSystem = null
  , webkitRequestFileSystemSync = null
  , webkitResolveLocalFileSystemSyncURL = null
  , webkitResolveLocalFileSystemURL = null
  , addEventListener = null
  , dispatchEvent = null
  , removeEventListener = null
  , dump = null
  , onoffline = null
  , ononline = null
  , importScripts = null
  , console = null

try {
    application.whenConnected(function() {

      application.remote.start()

      log = application.remote.log
      action = application.remote.action
      except = application.remote.except
      next = application.remote.next

      if (initException) except({type: 'init', e: stringifyException(initException)})

      application.setInterface ({
        callUserFunction: function(data) {
          try {
            onUserFunction(data)
            next()
          }
          catch(e) {
            except({type: 'runtime', e: stringifyException(e)})
          }
        }
      })
      ${script}

    })

}
catch(e) {
  initException = e
  if (except) except({type: 'init', e: stringifyException(e)})
}

var stringifyException = function(err, filter, space) {
  var plainObject = {}
  Object.getOwnPropertyNames(err).forEach(function(key) {
    plainObject[key] = err[key]
  })
  return JSON.stringify(plainObject, filter, space)
}

where ${script} contains the user code, which is like:

function onUserFunction (data) {
  // do something with the data
  log('did something with the data')
}

from jailed.

@asvd - btw, if I execute the users's code in a try catch block:

 try {
        ${script}
      }
    catch (e) {
      initException = e
      if (except) except({type: 'init', e: stringifyException(e)}
    }

It still dies with an unhandled exception

from jailed.

so user code is substituted into the plugin code body before creating the plugin instance?

from jailed.

Yep, it is.

from jailed.

I just can't pass it as a string and then eval it, because I need to call a callback in the user code and it needs to call callbacks in mine.

from jailed.

Not good, user can close the brace and break the structure of the code.

Do the following:

• add the plugin method setUserFunction() which will save user code as a string;
• evaluate it in a try-catch block upon callUserFunction() invocation;
• call whatever callbacks you need afterwards (next()?).

Is there any callbacks you cannot call in this way?

from jailed.

Should work if user's code simply calls log(), since eval() executes code in a current context and has everything available.

But if user-provided code is only intended to process some data, I would suggest simply to let user return the result, and then perform any respective actions on the application site. Why do you need user's code to do something additional?

from jailed.

See another demo concerning processing the data with user-provided code:

http://asvd.github.io/jailed/demos/web/process/

from jailed.

Because the user has to send commands to the main application based on the data. Ideally, the user would only have to write something like:

var state = {}

var initialize = function(initData) {
  // This is called once
  state.whatever = initData.whatever
}

var onData = function(data) {
  // This is called repeatedly every time there's a new piece of data
  state.whatever = state + data.whatever
  log('did something with the data')
  action('DO_SOMETHING', calculatedValue)
}

from jailed.

You can also return a string describing which respective action to perform on the application site. Or an array of them in case there might be several actions to be performed. Or a serialized object with properties containing the detailed description concerning what exactly user code wants to happen.

from jailed.

Your example:

var onData = function(data, oldState) {
    return {
        newState: oldState + data.whatever,
        action : {
            name: 'DO_SOMETHING',
            params: [calculatedValue]
        },
        log : 'did something with the data'
    };
}

from jailed.

I'll try something similar, thank you. Btw, the last demo doesn't work -- Mixed Content: The page at 'https://asvd.github.io/jailed/lib/_frame.html' was loaded over HTTPS, but requested an insecure Worker script 'blob:null/4abedc87-2d97-45be-9fc6-1c9bc351aa60'. This request has been blocked; the content must be served over HTTPS.

from jailed.

yep, will investigate on this. Should work if you load it by http instead of https

from jailed.

@asvd Can I close this or you need it open for the https issue?

from jailed.

We can close it. The https issue is solved on HEAD already.

from jailed.