From 498251427748b2808651823ecbfca87bb380e4ad Mon Sep 17 00:00:00 2001 From: Franziska Hinkelmann Date: Thu, 9 Nov 2017 06:35:04 +0100 Subject: [PATCH] src: explain implementation of vm module The vm module uses interceptors on the object template. This is not straightforward and a comment in the source will help the next person working on this. --- src/node_contextify.cc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/node_contextify.cc b/src/node_contextify.cc index 678ba70f033e51..47806aa7f61786 100644 --- a/src/node_contextify.cc +++ b/src/node_contextify.cc
@@ -64,8 +64,29 @@ using v8::UnboundScript; using v8::Value; using v8::WeakCallbackInfo; +// The vm module executes code in a sandboxed environment with a different +// global object than the rest of the code. This is achieved by applying +// every call that changes or queries a property on the global `this` in the +// sandboxed code, to the sandbox object. +// +// The implementation uses V8's interceptors for methods like `set`, `get`, +// `delete`, `defineProperty`, and for any query of the property attributes. +// Property handlers with interceptors are set on the object template for +// the sandboxed code. Handlers for both named properties and for indexed +// properties are used. Their functionality is almost identical, the indexed +// interceptors mostly just call the named interceptors. +// +// For every `get` of a global property in the sandboxed context, the +// interceptor callback checks the sandbox object for the property. +// If the property is defined on the sandbox, that result is returned to +// the original call instead of finishing the query on the global object. +// +// For every `set` of a global property, the interceptor callback defines or +// changes the property both on the sandbox and the global proxy. + namespace { +// Convert an int to a V8 Name (String or Symbol). Local Uint32ToName(Local context, uint32_t index) { return Uint32::New(context->GetIsolate(), index)->ToString(context) .ToLocalChecked();
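Review bot: The new comment on `Uint32ToName` at the end of the hunk says "Convert an int to a V8 Name (String or Symbol)", but the parameter is `uint32_t index` and the body goes through `->ToString(context)`, so the result is always a String and never a Symbol. Suggest wording it as "Convert a uint32_t index to a V8 Name (always a String)" so it is not read as a general conversion. In the block comment, the `set` paragraph says the property is changed on "the global proxy", while the opening and `get` paragraphs speak of "the global object"; use one term or add a sentence on how the two relate. The `get` paragraph also covers only the case where the property is defined on the sandbox; one more sentence saying that the query otherwise continues on the global object would make the fall-through explicit, since that is the path a reader auditing what sandboxed code can reach will look for.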