Pass values to jailed code

asvd / jailed

execute untrusted code with custom permissions

MIT License

1.01k stars 69 forks source link

Pass values to jailed code #58

Open scattered opened 2 years ago

scattered commented 2 years ago

I'm sure I'm missing something obvious, but how do I go about passing an object of key / value pairs to the jailed code?

For example, if I had something like:

{
  firstName: John,
  lastName: Doe
}

How would I go about accessing firstName and lastName within plugin.js? My original guess was that I'd add the object to the 2nd property of jailed.Plugin(pathToPlugin, { scope: { firstName: 'John', lastName: 'Doe' } }) but it didn't work.

I looked at the web-banner example in the repo, but the bad / good image names are hardcoded into plugin.js. I need those values to be dynamic.

eric-hemasystems commented 2 years ago

I'm using the dynamic plugin so YMMV but what I do is have my script export a function called run that then the host calls. Something like this:

import { DynamicPlugin as sandbox } from 'jailed'

const boilerplate = `
  application.setInterface({
    // Function called by app to start script
    run: async (data, done) => {
      .... script to run ....

      done()
    }
  })
`

const process = new sandbox(boilerplate, callbacks)

return new Promise(resolve => {
  process.whenConnected(()=> {
    process.remote.run({ ...data to pass.... }, resolve)
  })
})

You could also just serialize the data and embed in your dynamic script.

scattered commented 2 years ago

Thanks for the example. It looks to be working.

Serializing the data was my first thought, but thought there should be a better solution (such as what you provided).

Thanks again.