GithubHelp home page GithubHelp logo

Comments (19)

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

(please note that the plugin is submitted by users, and can have a syntax error)

from jailed.

asvd avatar asvd commented on August 24, 2024

Would it help, if you execute user's code in a try-catch block?

Have a look on how it's implemented in this demo and how it reacts to a syntax error in a user's provided code:

http://asvd.github.io/jailed/demos/web/console/

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

The problem is that I need to call functions on the user code / plugin . Evaluating the user block won't work.

Also, if you specify, for example function(a) { return 'a' } in the Web Console, it returns Unexpected token (

from jailed.

asvd avatar asvd commented on August 24, 2024

But can you maybe call those functions in try-catch block? What would happen then?

Also, if you specify, for example function(a) { return 'a' } in the Web Console, it returns Unexpected token (

Same happens if you run that code in Chrome Dev-tools. To make it work, you can add an assignment:

b = function(a) { return 'a' }

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

(what I'm doing now is something like):

var log
  , except
  , action
  , next
  , parameters = {}
  , staticData = {}
  , initException = null
  , indexedDB = null
  , location = null
  , navigator = null
  , onerror = null
  , onmessage = null
  , performance = null
  , self = null
  , webkitIndexedDB = null
  , postMessage = null
  , close = null
  , openDatabase = null
  , openDatabaseSync = null
  , webkitRequestFileSystem = null
  , webkitRequestFileSystemSync = null
  , webkitResolveLocalFileSystemSyncURL = null
  , webkitResolveLocalFileSystemURL = null
  , addEventListener = null
  , dispatchEvent = null
  , removeEventListener = null
  , dump = null
  , onoffline = null
  , ononline = null
  , importScripts = null
  , console = null

try {
    application.whenConnected(function() {

      application.remote.start()

      log = application.remote.log
      action = application.remote.action
      except = application.remote.except
      next = application.remote.next

      if (initException) except({type: 'init', e: stringifyException(initException)})

      application.setInterface ({
        callUserFunction: function(data) {
          try {
            onUserFunction(data)
            next()
          }
          catch(e) {
            except({type: 'runtime', e: stringifyException(e)})
          }
        }
      })
      ${script}

    })

}
catch(e) {
  initException = e
  if (except) except({type: 'init', e: stringifyException(e)})
}

var stringifyException = function(err, filter, space) {
  var plainObject = {}
  Object.getOwnPropertyNames(err).forEach(function(key) {
    plainObject[key] = err[key]
  })
  return JSON.stringify(plainObject, filter, space)
}

where ${script} contains the user code, which is like:

function onUserFunction (data) {
  // do something with the data
  log('did something with the data')
}

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

@asvd - btw, if I execute the users's code in a try catch block:

 try {
        ${script}
      }
    catch (e) {
      initException = e
      if (except) except({type: 'init', e: stringifyException(e)}
    }

It still dies with an unhandled exception

from jailed.

asvd avatar asvd commented on August 24, 2024

so user code is substituted into the plugin code body before creating the plugin instance?

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

Yep, it is.

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

I just can't pass it as a string and then eval it, because I need to call a callback in the user code and it needs to call callbacks in mine.

from jailed.

asvd avatar asvd commented on August 24, 2024

Not good, user can close the brace and break the structure of the code.

Do the following:

  • add the plugin method setUserFunction() which will save user code as a string;
  • evaluate it in a try-catch block upon callUserFunction() invocation;
  • call whatever callbacks you need afterwards (next()?).

Is there any callbacks you cannot call in this way?

from jailed.

asvd avatar asvd commented on August 24, 2024

Should work if user's code simply calls log(), since eval() executes code in a current context and has everything available.

But if user-provided code is only intended to process some data, I would suggest simply to let user return the result, and then perform any respective actions on the application site. Why do you need user's code to do something additional?

from jailed.

asvd avatar asvd commented on August 24, 2024

See another demo concerning processing the data with user-provided code:

http://asvd.github.io/jailed/demos/web/process/

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

Because the user has to send commands to the main application based on the data. Ideally, the user would only have to write something like:

var state = {}

var initialize = function(initData) {
  // This is called once
  state.whatever = initData.whatever
}

var onData = function(data) {
  // This is called repeatedly every time there's a new piece of data
  state.whatever = state + data.whatever
  log('did something with the data')
  action('DO_SOMETHING', calculatedValue)
}

from jailed.

asvd avatar asvd commented on August 24, 2024

You can also return a string describing which respective action to perform on the application site. Or an array of them in case there might be several actions to be performed. Or a serialized object with properties containing the detailed description concerning what exactly user code wants to happen.

from jailed.

asvd avatar asvd commented on August 24, 2024

Your example:

var onData = function(data, oldState) {
    return {
        newState: oldState + data.whatever,
        action : {
            name: 'DO_SOMETHING',
            params: [calculatedValue]
        },
        log : 'did something with the data'
    };
}

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

I'll try something similar, thank you. Btw, the last demo doesn't work -- Mixed Content: The page at 'https://asvd.github.io/jailed/lib/_frame.html' was loaded over HTTPS, but requested an insecure Worker script 'blob:null/4abedc87-2d97-45be-9fc6-1c9bc351aa60'. This request has been blocked; the content must be served over HTTPS.

from jailed.

asvd avatar asvd commented on August 24, 2024

yep, will investigate on this. Should work if you load it by http instead of https

from jailed.

cristiano-belloni avatar cristiano-belloni commented on August 24, 2024

@asvd Can I close this or you need it open for the https issue?

from jailed.

asvd avatar asvd commented on August 24, 2024

We can close it. The https issue is solved on HEAD already.

from jailed.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.