better-eval
Comparing version 1.2.3 to 1.2.4
{ | ||
"name": "better-eval", | ||
"version": "1.2.3", | ||
"version": "1.2.4", | ||
"description": "🔧 An alternative to the 'eval' function in JavaScript that is faster, easier/better to use, and has less security issues.", | ||
@@ -5,0 +5,0 @@ "main": "src/index.js", |
@@ -5,3 +5,3 @@ # 🔧 better-eval | ||
The eval function in JavaScript sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. **better-eval** solves this problem by adressing the security and spped issues, while delivering the same easy-to-use API. | ||
The eval function in JavaScript sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. **better-eval** solves this problem by adressing the security and speed issues, while delivering the same easy-to-use API. | ||
@@ -8,0 +8,0 @@ <a href="https://www.producthunt.com/posts/better-eval?utm_source=badge-featured&utm_medium=badge&utm_souce=badge-better-eval" target="_blank"><img src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=327967&theme=light" alt="better-eval - 🔧 An alternative to 'eval' that is just better! | Product Hunt" style="width: 250px; height: 54px;" width="250" height="54" /></a> |
@@ -21,2 +21,3 @@ // blacklisted variables (no fn) to be passed in through vars param in betterEval | ||
module.exports = { | ||
@@ -23,0 +24,0 @@ blackListedVariablesNode, |
@@ -5,13 +5,19 @@ /** | ||
function clearContext() { | ||
// nonunique variable cancel outs | ||
// nonunique variable cancel outs (cant be pre-checked) | ||
require = null; | ||
module = null; | ||
// all constructors on this | ||
const keys = Object.getOwnPropertyNames(this).concat(["constructor"]); | ||
// go through keys, killing bad functions | ||
keys.forEach((key) => { | ||
const item = this[key]; | ||
// no null | ||
if (!item) return; | ||
// no fn | ||
if (typeof Object.getPrototypeOf(item).constructor === "function") { | ||
Object.getPrototypeOf(item).constructor = undefined; | ||
} | ||
// no constructor fn | ||
if (typeof item.constructor === "function") { | ||
@@ -23,4 +29,5 @@ this[key].constructor = undefined; | ||
// convert to string so can run in vm | ||
const insertedClearContext = `${clearContext.toString()}; clearContext()`; | ||
module.exports = insertedClearContext; |
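Review bot: `Object.getPrototypeOf(item)` in the "no fn" check can return `null` (for instance for a value created with `Object.create(null)`), and reading `.constructor` from it throws a TypeError, because the `if (!item) return;` guard above it only filters falsy values. Reading the prototype once and guarding it avoids that: `const proto = Object.getPrototypeOf(item); if (proto && typeof proto.constructor === "function") proto.constructor = undefined;`. Separately, clearing `constructor` properties is a denylist, and Node's documentation states that the `vm` module is not a security mechanism, so a comment above `clearContext` should say that this is hardening rather than isolation for untrusted code. The `forEach` callback continues past the lines shown in this section.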
@@ -12,6 +12,6 @@ "use strict"; | ||
* @description takes code to execute and exexcutes it safely! | ||
* @param {string} code - Code to be executed. | ||
* @param {object} insertedVariables - Variables from your code to pass into the execution context. Passed in like: {variableName, variableValue} | ||
* @param {object} vmOptions - The options for how to run the VM to execute the code (more info in vm pkg docs). | ||
* @returns {any} if your evaluated code returns a value, then betterEval will return it to you. | ||
* @param {string} code - code to be executed. | ||
* @param {object} insertedVariables - variables from your code to pass into the execution context. passed in like: {variableName, variableValue} | ||
* @param {object} vmOptions - the options for how to run the VM to execute the code (more info in vm pkg docs). | ||
* @returns {any} if your evaluated code returns a value, then betterEval will return that. | ||
*/ | ||
@@ -45,2 +45,1 @@ function betterEval(code, insertedVariables = null, vmOptions = {}) { | ||
module.exports = betterEval; | ||
@@ -1,2 +0,8 @@ | ||
/** Index File - Better Eval */ | ||
/*! | ||
* better-eval | ||
* Copyright(c) 2022 Bharadwaj Duggaraju | ||
* MIT Licensed | ||
*/ | ||
"use strict"; | ||
module.exports = require("./core"); |
@@ -6,7 +6,22 @@ const { blackListedVariablesNode } = require("./blackList"); | ||
* @param {'local' | 'vm'} execContext | ||
* @description parses user variables into context and prevents mal variables and objects (lv 1). | ||
* @returns {object} sandbox context with user variables. | ||
*/ | ||
function parseInsertedVariables(vars, sandbox) { | ||
// all keys of passed in variables | ||
Object.keys(vars).forEach(function (key) { | ||
if (blackListedVariablesNode.includes(vars[key])) return; | ||
sandbox[key] = vars[key]; | ||
if (blackListedVariablesNode.includes(vars[key])) return; // case 1: mal variable top level | ||
if (typeof vars[key] === "object") { | ||
// case 2: mal variable obj | ||
Object.keys(vars[key]).forEach((k) => { | ||
if (blackListedVariablesNode.includes(vars[key][k])) { | ||
vars[key][k] = null; | ||
} | ||
}); | ||
} | ||
/** next: nested (recursion) */ | ||
sandbox[key] = vars[key]; // add var to context if good | ||
}); | ||
@@ -13,0 +28,0 @@ |
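Review bot: The new `typeof vars[key] === "object"` branch also matches `null`, so an inserted variable whose value is `null` reaches `Object.keys(vars[key])` and throws a TypeError; the condition should read `if (vars[key] !== null && typeof vars[key] === "object")`. The same branch writes `vars[key][k] = null` into the caller's own object, which changes host state outside the sandbox; filtering into a shallow copy before assigning `sandbox[key]` would leave the input untouched. The check covers one level only (the `next: nested` comment says as much) and matches by identity against `blackListedVariablesNode`, so the JSDoc should state that deeper or wrapped references are passed through unchanged. The function's closing lines are outside the hunk.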