workerboxjs
Advanced tools
workerboxjs - npm Package Compare versions
Comparing version 5.3.0 to 6.0.0
@@ -5,2 +5,3 @@ import createCallbackStore from './createCallbackStore.js'; | ||
| import argsToString from './argsToString.js'; | ||
| import builtinWorker from './builtinWorker.html.js'; | ||
@@ -18,3 +19,7 @@ const instances = { | ||
| 'position: fixed; height: 0; width: 0; opacity: 0; top: -100px;'; | ||
| iframe.src = url; | ||
| if (url) { | ||
| iframe.src = url; | ||
| } else { | ||
| iframe.srcdoc = url || builtinWorker; | ||
| } | ||
| document.body.appendChild(iframe); | ||
@@ -34,4 +39,5 @@ channel.port1.onmessage = onMessage; | ||
| export async function createWorkerBox (scriptUrl, options) { | ||
| export async function createWorkerBox (options) { | ||
| options = { | ||
| serverUrl: null, | ||
| appendVersion: true, | ||
@@ -41,21 +47,11 @@ ...options | ||
| if (scriptUrl.slice(-1) === '/') { | ||
| scriptUrl = scriptUrl.slice(0, -1); | ||
| if (options.serverUrl && options.serverUrl.slice(-1) === '/') { | ||
| options.serverUrl = options.serverUrl.slice(0, -1); | ||
| } | ||
| if (options.appendVersion) { | ||
| scriptUrl = scriptUrl + '/v5.3.0/'; | ||
| if (options.serverUrl && options.appendVersion) { | ||
| options.serverUrl = options.serverUrl + '/v6.0.0/'; | ||
| } | ||
| try { | ||
| scriptUrl = new URL(scriptUrl); | ||
| } catch (error) { | ||
| console.error(error); | ||
| throw new Error( | ||
| [ | ||
| 'createWorkerBox must be given a remote sandbox server to isolate unsafe code.', | ||
| 'a free hosted version is available at https://workerbox.net/' | ||
| ].join('\n') | ||
| ); | ||
| } | ||
| options.serverUrl = options.serverUrl && (new URL(options.serverUrl)).href; | ||
@@ -71,3 +67,3 @@ const callbacks = createCallbackStore(); | ||
| const instance = await createWorkerboxInstance(scriptUrl.href, async message => { | ||
| const instance = await createWorkerboxInstance(options.serverUrl, async message => { | ||
| const [action, { id, args, resolve, reject }] = message.data; | ||
@@ -110,3 +106,3 @@ | ||
| destroy: () => instance.destroy(), | ||
| scriptUrl: scriptUrl.href | ||
| options | ||
| }; | ||
@@ -113,0 +109,0 @@ } |
| { | ||
| "name": "workerboxjs", | ||
| "version": "5.3.0", | ||
| "version": "6.0.0", | ||
| "type": "module", | ||
@@ -40,8 +40,8 @@ "description": "A secure sandbox to execute untrusted user JavaScript, in a web browser, without any risk to your own domain/site/page.", | ||
| "debounce": "^1.2.1", | ||
| "esbuild": "^0.17.14", | ||
| "esbuild": "^0.17.15", | ||
| "just-tap": "^2.5.0", | ||
| "minify": "^9.2.0", | ||
| "puppeteer": "^19.8.2", | ||
| "puppeteer": "^19.8.3", | ||
| "servatron": "^2.4.3" | ||
| } | ||
| } |
@@ -5,7 +5,2 @@ # WorkerBox | ||
| ## Installation | ||
| To ensure the untrusted code can not access any data, permissions, that have been given to your site, it's important the evaluator is run on a domain completely separate from your own site. | ||
| The separate domain code is located in the [`./server`](./server) folder of this repo. You can host it yourself, but make sure it's on another domain, or feel free to use the default one for free at [https://workerbox.net/](https://workerbox.net/). | ||
| ### Install npmjs | ||
| ``` | ||
@@ -20,3 +15,3 @@ npm install --save workerboxjs | ||
| // Note each `workerbox` instance has it's own sandbox | ||
| const { run, destroy } = await createWorkerBox('https://sandbox.workerbox.net/'); | ||
| const { run, destroy } = await createWorkerBox(); | ||
@@ -130,3 +125,3 @@ let callback; | ||
| ## How does it work? | ||
| An iframe is inserted into the page from a completely separate domain. | ||
| An iframe is inserted into the page (optionally from a completely separate domain). | ||
@@ -136,1 +131,11 @@ The iframe then creates a web worker, and handles posting messages between the iframe, webworker and your own app. | ||
| Because the only communication between the user code and the workerbox is done through messaging, the argument inputs and outputs must all be JSON serializable. | ||
| ### Separate domain | ||
| While the iframe has the `sandbox="allow-scripts"` attribute set, and therefore acts like it's on another domain, you can still run the server on another domain if you wish. | ||
| ```javascript | ||
| const { run } = await createWorkerBox({ | ||
| serverUrl: 'https://sandbox.workerbox.net', | ||
| appendVersion: true | ||
| }); | ||
| ``` |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by31.85%
15496
- Number of package files
- increased by7.69%
14
- Number of lines in readme file
- increased by3.76%
138
Worsened metrics
- Lines of code
- decreased by-1.62%
182