0

My only requirement for executing this arbitrary js code is that certain global variables/functions (e.g. setInterval) are not exposed.

My current strategy involves parsing through the js code and making a var declaration (at the beginning of the enclosing closure) for every global reference.

I'm wondering if there's any other obvious way of solving this.

Also just to clarify, this arbitrary code is not being run with things like eval. Rather, it's being wrapped inside a closure and appended to the base code.

4
  • If you have a small finite list of things the JS cannot do, one idea would be to override the functions and variables with your values like window.alert = myalert. This obviously makes them globally unavailable. Just in case it suits your purpose. Commented Dec 18, 2012 at 10:39
  • You could wrap the code in a closure (a closure is just a function). Then every global declaration becomes local to the closure. Commented Dec 18, 2012 at 11:35
  • @raghavv Yea that's the better approach and exactly what I need to do. I can't believe I missed this obvious but essential point. Please leave an answer and I'll accept. Thanks! Commented Dec 18, 2012 at 23:37
  • @PatrickGunderson My goal is to actually deny access to those globals in the arbitrary JS code. Thanks for your comment though! Commented Dec 18, 2012 at 23:39

1 Answer

1

One of the options is to override the globals by supplying your own function or variables. Example:

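    // Keep a reference to the original before replacing it; calling
    // window.alert from inside the override would recurse into the override.
    var originalAlert = window.alert;
    window.alert = function() {
        // your code goes here
        // Optionally call originalAlert.apply(window, arguments) if needed
    };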

This should be manageable if you have a small finite list of things you wish to hide. This will make them globally unavailable.
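The closure-wrapping approach from the question and comments, as an added example that is not part of the original question or answer: the denied names become unfilled parameters of the wrapper, and a probe shows which references that blocks and which it does not. The denylist contents and the names `wrapSource`, `runWrapped` and `probe` are assumptions made for illustration.

```javascript
// Constructed denylist (assumption): names the wrapped code must not resolve.
const DENIED = ['setInterval', 'setTimeout', 'window', 'self', 'globalThis', 'Function'];

// Emit the wrapper as source text, the way it would be appended to the base
// code. Every denied name is a parameter that receives no argument, so it is
// undefined inside; strict mode also leaves `this` undefined in the body.
function wrapSource(code, denied = DENIED) {
  // Parse the snippet on its own first (it is compiled, not run): text that
  // is not a complete function body, e.g. a stray "}", is rejected here
  // instead of closing the wrapper early. Throws SyntaxError.
  new Function('"use strict";\n' + code);
  return '(function (' + denied.join(', ') + ') {\n"use strict";\n' +
    code + '\n}).call(undefined)';
}

// Demo helper only: evaluates the generated text so this file runs alone.
function runWrapped(code, denied) {
  return (0, eval)(wrapSource(code, denied));
}

// What the wrapped code can and cannot see.
function probe() {
  return {
    bareName: runWrapped('return typeof setInterval;'),
    viaThis: runWrapped('return typeof this;'),
    viaGlobalObject: runWrapped('return typeof globalThis;'),
    // Limits of a denylist: unlisted names still resolve, and the Function
    // constructor stays reachable through any function value.
    notListed: runWrapped('return typeof clearInterval;'),
    viaConstructor: runWrapped('return typeof (function () {}).constructor;'),
  };
}

console.log(probe());
```

Because the last two probes still succeed, shadowing keeps cooperative code away from the listed names but is not a boundary against hostile code; that needs a separate realm such as a sandboxed iframe or a Worker.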
