Embedding narwhal and SpiderMonkey
41 views
Skip to first unread message
Saj
May 25, 2011, 1:00:40 PM5/25/11
to Narwhal and Jack
I want to use Narwhal in a 'secure' server-side embedding to grant
access to various libraries to my users.
I see a few challenges:
1) The implementation of require, as found in lib/sandbox.js exposes
the paths array to the user.
2) I'd like to strip out any file or I/O related modules.
3) I'd like to 'erase' the primordial 'read' and 'isFile' functions
needed to bootstrap the environment.
How can I effectively create a simple sandbox using Narwhal?
I could start editing chunks of sandbox.js, e.g., turn the 'paths'
property into a variable the Sandbox() function is closed over, etc.
I'd rather not go down this path, if there's a simpler solution.
Any feedback would be appreciated.
Thanks,
S
access to various libraries to my users.
I see a few challenges:
1) The implementation of require, as found in lib/sandbox.js exposes
the paths array to the user.
2) I'd like to strip out any file or I/O related modules.
3) I'd like to 'erase' the primordial 'read' and 'isFile' functions
needed to bootstrap the environment.
How can I effectively create a simple sandbox using Narwhal?
I could start editing chunks of sandbox.js, e.g., turn the 'paths'
property into a variable the Sandbox() function is closed over, etc.
I'd rather not go down this path, if there's a simpler solution.
Any feedback would be appreciated.
Thanks,
S
Kris Kowal
Jun 3, 2011, 5:49:21 PM6/3/11
to narw...@googlegroups.com
Instead of removing things from Narwhal (which you might find useful
for setting up some capabilities for your users, you might consider
using the "sandbox" module to create a new, attenuated module system.
Instead of providing a loader, provide a modules hash with the
capabilities you want the user to be able to load. You can also
create an attenuated loader if you want users to have limited access
to their own modules.
for setting up some capabilities for your users, you might consider
using the "sandbox" module to create a new, attenuated module system.
Instead of providing a loader, provide a modules hash with the
capabilities you want the user to be able to load. You can also
create an attenuated loader if you want users to have limited access
to their own modules.
Bear with me since I haven't used this in a while:
var SB = require("narwhal/sandbox");
var sb = SB.Sandbox({
"modules": {…},
"loader": require.loader // or something with limited loading powers
});
Narwhal is pretty flexible about instantiating new module systems with
limited or injected capabilities.
Kris Kowal
Reply all
Reply to author
Forward
0 new messages