Open GantMan opened 5 years ago
ok, looks like plenty more problems to come, as I'm trying to put this in a webpack react app and it looks like this is not meant for that.
According to this, it seems you can get it working with Webpack: https://github.com/asvd/jailed/pull/26/files
For context: I'm working on getting it into my own webpack/react app, though am getting a different issue: for some reason the plugin.whenConnected
callback is never getting called. (am investigating)
Got it working in Webpack. My problem is that I was not copying the files in node_modules/jailed/lib
to the same "dist" directory as my "index.html" file. (jailed needs those files to be accessible when it's online)
Note that, for Webpack, you thus need two steps:
1) Have the files above copied to the "dist" directory before uploading to your server.
2) If you're using webpack-dev-server
(or equivalent), then you need a way for those files to be served by your local server when developing. If you have a "Resources" folder that is already exposed by the server, then just copy the files there. (depending on your setup, this might also cause the files to automatically be copied to the "dist" directory of step 1, when compiling for production)
@Venryx Thanks you helped me a lot, I can now use jailed in my react app.
I have a specific react problem though, maybe you can help me. Is there a way to render components securely inside the jailed sandbox?
I'm currently working on a project in which I import user-generated content with the help of MDX files into my react app at runtime and want to display these components in the sandbox (because MDX uses the javascript eval method internally).
Unfortunately, I have no idea how to display these components in the jailed sandbox and then display them in my React app. How I do a calculation in the jailed sandbox works, but unfortunately I have no idea how I can render the possibly unsafe content.
Do you have any approach how I could do this?
Sorry, but I have not used jailed for a long time (working on other projects), so I don't remember the details of how the library works anymore.
If you're worried about eval being used, I suggest using a Markdown renderer that does not rely on eval or dangerouslySetInnerHTML. The one I use is this: https://github.com/remarkjs/react-markdown
Any help would be appreciated!