Skip to content
🐚 creates a sandboxed iframe with methods for eval and writing to document body
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
test
.gitignore
README.md
example.js
iframe-stream.js
index.js
package.json
preamble.js

README.md

Iframe Sandbox

Don't assume this is a perfect sandbox. Infinite loops will crash the main page. See this thread.

usage

var IframeSandbox = require('iframe-sandbox')

IframeSandbox({ container: document.body }, function(err, sandbox){

  console.log('ready')

  sandbox.eval('1+2', function(err, result){
    console.log('eval:',result)
  })

})

config

All config options are passed to iframe. See here for iframe config options.

var opts = {
  container: document.body,  
  src: urlOfBootstrappedIframe,  
}

IframeSandbox(opts, cb)
Bootstrapped iframe

To use a hosted, bootstrapped iframe, specify the url as the src config option. See here for more about using a bootstrapped iframe.

methods

eval

Evals js in the sandbox's context. Calls the callback with the error (as a string) or the result.

sandbox.eval( jsString, function(err, result){ /* ... */ } )
createWriteStream

Creates a WriteStream that writes to the document via document.write. Note: scripts written to the DOM wont be run until 'document.close()' is called, triggered by the end of the stream.

var ws = sandbox.createWriteStream()
somewhereAwesome.pipe(ws)
'message' event

Inside the sandbox context there is an extra exposed global sandboxMessage that will re-materialize objects in the main context and handle cross-context callbacks via dnode. Listen to the 'message' event in the main context to receive the messages

sandbox.on('message', function(arg1, arg2, ...){
  console.log(arguments)
})

sandbox.eval('sandboxMessage("hello", "world")')

notes

Writing external script tags to the document does not seem to work. The following will not load bundle.js.

var ws = sandbox.createWriteStream()
ws.write('<script src="bundle.js"></script>')
ws.end()
You can’t perform that action at this time.