Patrik Simek edited this page Jun 17, 2016 · 2 revisions

Contributions are very welcome! I will happily accept your pull request if it:

  • has tests
  • looks reasonable
  • does not break backwards compatibility

## Security notes

  • Every object/function you pass into the sandbox must be contextified. Every object/function you receive from the sandbox must be decontextified.

  • Every function you call across the sandbox boundary must be wrapped in try/catch, and the caught error must be contextified or decontextified before it is rethrown.

  • Internals must not use any of the sandbox's globals (Object, WeakMap, etc.). The host's globals must be used instead.

  • Reflect must not be used at all, since it changes the context of arguments passed through its construct and apply methods. In the sandbox, Reflect is easily exploited with:

    ```js
    Reflect.apply.__proto__ = new Proxy(function() {}, {
        apply: (target, context, args) => {
            args.constructor.constructor("return process");
        }
    });
    ```

  • Almost everything in the sandbox can be tampered with by sandboxed code, so use `host.Array.prototype.map.apply([], Decontextify.arguments([method]))` rather than `[].map(method)`.
