|
| 1 | +PimScript |
| 2 | +========= |
| 3 | + |
| 4 | +Runs untrusted third party JavaScript in a "jail" to allow it to |
| 5 | +enhance your web-page/web-app without causing huge security issues. |
| 6 | + |
| 7 | +Currently transforms code to be [ADsafe][] compliant. |
| 8 | + |
| 9 | +Why? |
| 10 | +---- |
| 11 | + |
| 12 | +We wanted a way of adding a layer of security to 3rd party plugins in |
| 13 | +[Pim][], to help defend users against rogue plugins. |
| 14 | + |
| 15 | +How it works |
| 16 | +------------ |
| 17 | + |
| 18 | +PimScript currently uses Douglas Crockford's [ADsafe][], which is based |
| 19 | +on his [JSLint][]. However, PimScript is intended to be thought of as |
| 20 | +more alike to FBJS - JS that is rewritten to run jailed without |
| 21 | +causing the original developer too much hassle. |
| 22 | + |
| 23 | +PimScript takes your JavaScript and then rewrites it (via AST |
| 24 | +manipulation using [UglifyJS][]) to be ADsafe compatible. If the code |
| 25 | +cannot be made ADsafe then the JSLint errors are output to allow the |
| 26 | +developer to tweak his code to be more compliant. |
| 27 | + |
| 28 | +There is no guarantee that PimScript will always be based on ADsafe. |
| 29 | + |
| 30 | +Structure of a PimScript |
| 31 | +------------------------ |
| 32 | + |
| 33 | +### Header |
| 34 | + |
| 35 | +The PimScript header contains details about the plugin/app/widget that |
| 36 | +affect how it runs, so it is highly important. Here's an example: |
| 37 | + |
| 38 | + /*!PIM_SCRIPT{ |
| 39 | + "name":"My Script" |
| 40 | + , "version":"0.0.1" |
| 41 | + , "access": ["plugin", "formatter"] |
| 42 | + }*/ |
| 43 | + |
| 44 | +**Name**: a short name for your plugin/widget. |
| 45 | +**Version**: the version of this script, uses [semver][]. |
| 46 | +**Access**: an array of the items that access is requested to. |
| 47 | + |
| 48 | +### Access |
| 49 | + |
| 50 | +The runtime environment will give the script access to each of the |
| 51 | +requested objects (these will need to be exported in ADsafe ways so that |
| 52 | +the plugin cannot break out of its jail), they will be made available in |
| 53 | +the global scope of the script (i.e. the script above can directly |
| 54 | +access the `plugin` and `formatter` objects.) |
| 55 | + |
| 56 | +### Body |
| 57 | + |
| 58 | +The body of the PimScript is simply JavaScript, however many of the |
| 59 | +variables you'd expect have been removed from the scope - there's no |
| 60 | +access to `window`, `document`, `alert`, `eval`, etc. Compile-time checks ensure |
| 61 | +that you don't try to access these variables (if you do then `pimscript` |
| 62 | +will fail to compile your script, and will tell you why). Run-time |
| 63 | +checks also help to protect too - for example all object properties are |
| 64 | +accessed via `ADSAFE.get` (though this is invisible to the plugin writer |
| 65 | +- PimScript rewrites this for you). |
| 66 | + |
| 67 | +Things to avoid |
| 68 | +--------------- |
| 69 | + |
| 70 | +JSLint/ADsafe are quite strict with their JavaScript parsing. PimScript |
| 71 | +tries to rewrite bits of your code to increase the chances of passing |
| 72 | +before feeding it to ADsafe. If your code is already high enough quality |
| 73 | +to pass JSLint in `safe` mode without errors then you'll certainly have |
| 74 | +a better chance of your script working! |
| 75 | + |
| 76 | +### Continue |
| 77 | +For some reason JSLint doesn't like `continue` statements. Simply avoid |
| 78 | +them. |
| 79 | + |
| 80 | +### Object-oriented programming |
| 81 | + |
| 82 | +ADsafe blocks access to `prototype`, `constructor` and the like for |
| 83 | +security reasons, so OO programming will be quite challenging. It's |
| 84 | +suggested that you try more expressive functional-style programming. |
| 85 | + |
| 86 | +Other uses |
| 87 | +---------- |
| 88 | + |
| 89 | +I suppose you could quite easily hack PimScript to be a pre-compiler for |
| 90 | +ADsafe code - no longer would you need to worry about writing all your |
| 91 | +own `ADSAFE.get` calls, etc., just write your code normally and then |
| 92 | +pipe it through PimScript to do all that for you. |
| 93 | + |
| 94 | + |
| 95 | +[Pim]: https://p.im/ |
| 96 | +[ADsafe]: http://www.adsafe.org/ |
| 97 | +[JSLint]: http://www.jslint.com/ |
| 98 | +[semver]: |
| 99 | +[UglifyJS]: |
0 commit comments