The panic-room for JavaScript
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


The panic-room for JavaScript. The concept is an inversion of the premise behind FuseJS and similar concepts (Sandie stands out as similar idea).

The Browser's runInNewContext

Code run in an iframe exists in a difference context. The global [this] references a the iframe window, js natives (Object, Array, Function, etc.) are linked to context specific prototypes, host objects (DOM prototypes like Element, etc.) are also private for that window context.

While these all reference new and separate instances of these variables, it's still possible to cross-pollinate between contexts. For example, the main window can grab references to an iframe's Array prototype and then have Array2 as a completely separate prototype chain from the main Array version. This allows extension of native prototypes without causing collateral damage. This concept (and other ways to achieve it) is explored heavily in FuseJS.


One flaw with the FuseJS concept is that you lose the "sugar" of being able to use variable literals. You can no longer simply do "[1, 2, 3]" or "string literal ahoy". They must all be first instantiated as Fuse.Array() or Fuse.String() which quickly loses its charm.

Safehouse is the inversion of the sandbox concept. Why can't all of a library or application's code live inside the iframe? It can just as easily have references to the main window in order to manipulate the DOM and attach event listeners. Instead of sandboxing the module, we sandbox the main page itself and anchor the code inside a netherspace that requires knowledge/permission to enter. It allows us to modify natives and host objects as much as we want without fear of stepping on a third party's toes, and still use the sugar of the unsandboxed language.

Testing for Now

This module is very much untested. It's a very basic loader for bootstrapping normal modules into a new context, with references provided to the main window. It's not meant to be an all inclusive package; just enough to get the real stuff loaded.


//One off


//Array in same context.

Safehouse(["lib/script1.js", "lib/script2.js", "lib/script3.js"]);

//Init a context with or without loading anything, use it to load more later.

var safe = Safehouse();
safe.load(["script2.js", "script3.js"]);

Scripts load into the new context as in a normal window. Some conviences are provided:

refs = {
	win:	 window,			// main window,
	doc:	 document,		// main document,
	iframe: element,	// this iframe,
	shared: {}				// shared stash between contexts

Available in the window context for each context. Each context reference (main window looking in) provides:

//single script or array


//a reference to an item under window in that context

var alienElement = safehouse.borrow("Element"); 

//same as borrow but it removes the original reference

var iwantall = safehouse.steal("Infinity");		

//similar to borrow but a reference is put into the shared stash