# Contributing
Contributions are very welcome! I will happily accept your pull request if it:
- has tests
- looks reasonable
- does not break backwards compatibility
## Security notes
- Every object/function you pass to the sandbox must be contextified. Every object/function you receive from the sandbox must be decontextified.
- Every function you call cross-sandbox must be wrapped in `try/catch`, and the caught error must be contextified or decontextified.
- Internals must not use any of the sandbox's globals (`Object`, `WeakMap`, etc.). The host's globals must be used instead.
- `Reflect` must not be used at all, since it changes the context of arguments passed through the `construct` and `apply` methods. In the sandbox, `Reflect` is easily exploited with:

  ```js
  Reflect.apply.__proto__ = new Proxy(function() {}, {
      apply: (target, context, args) => {
          args.constructor.constructor("return process");
      }
  });
  ```
- Almost everything in the sandbox can be messed up, so use `host.Array.prototype.map.apply([], Decontextify.arguments([method]))` rather than `[].map(method)`.
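
The `try/catch` rule for one direction (host code calling a sandbox function), as an added example that is not vm2's own code. It assumes Node's built-in `vm` context as a stand-in for the sandbox and approximates decontextifying by copying only the message string into a new host `Error`; `callUnguarded`, `callGuarded` and the two sample functions are constructed for illustration.

```javascript
// Added example, not vm2 code. A node:vm context stands in for the sandbox.
const vm = require("node:vm");

const context = vm.createContext({});

// Constructed sample: a sandbox function that throws a sandbox-realm TypeError.
const sandboxThrower = vm.runInContext(
  "(function () { throw new TypeError('boom from sandbox'); })",
  context
);

// Constructed sample: the thrown value has a getter that throws again.
const hostileThrower = vm.runInContext(
  "(function () { throw { get message() { throw 1; } }; })",
  context
);

// Unguarded: the host ends up holding an object from the sandbox realm.
function callUnguarded(fn) {
  try {
    fn();
  } catch (e) {
    return e;
  }
  return undefined;
}

// Guarded: only a primitive string crosses the boundary. Reading it runs
// sandbox-controlled code (getters, toString), so that read is guarded too.
function callGuarded(fn) {
  try {
    fn();
  } catch (e) {
    let message = "sandbox error";
    try {
      message = `${e.message}`;
    } catch (_) {
      // Keep the fixed fallback text.
    }
    throw new Error(message); // host-realm Error
  }
}
```

The object returned by `callUnguarded` fails `instanceof Error` on the host because its prototype chain belongs to the sandbox realm, while the error rethrown by `callGuarded` is an ordinary host `Error`.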