quarantiner
v0.1.0-alpha.8
Published
A script isolator that runs scripts inside a sandbox iframe
Downloads
20
Readme
Quarantiner
[EXPERIMENTAL] Isolates scripts that may modify prototypes by running them inside an <iframe>
realm.
What is it?
This is not a security-focused sandbox. It is expected (for now) that a script will be able to escape the sandbox if intentional.
The main purpose of this sandbox is to provide a lightweight isolated script environment (realm) so that incompatible or badly-behaving scripts that modify global objects or global prototypes can be isolated enough from each other to function together.
Recommended usage
It is recommended that you use this alongside a bundler, e.g. via the Rollup plugin rollup-plugin-sandbox.
Alternative usage (if requiring directly)
$ npm i quarantiner
Global API
A global object quarantiner
will be installed, which is actually defined by the UMD build for this library.
Methods of the quarantiner
global:
quarantiner.quarantine(...)
:quarantiner.quarantine( wrapper: WrapperFunction, config: ConfigOptions = { globals: {}, sandbox: 'default' } ): Promise<void>
wrapper
: a function that defines a script to be executed inside the sandbox realm.config
: an optional configuration object:config.globals
: globals that are expected to be defined by the script, that should then be defined as globals on the main window/global object. Example:{ myGlobal: { type: 'function' } }
config.sandbox
: name of the sandbox to execute the script inside. any scripts that specify the same sandbox name will be run inside the same sandbox.
quarantiner.getSandbox(name: string = 'default'): Promise<Sandbox>
: Allows fetching theSandbox
instance for a declared sandbox.
See also
- rollup-plugin-sandbox, a Rollup plugin which uses this library.