Iframe Sandbox

Don't assume this is a perfect sandbox. Infinite loops will crash the main page. See this thread.

usage

var IframeSandbox = require('iframe-sandbox')

IframeSandbox({ container: document.body }, function(err, sandbox){

  console.log('ready')

  sandbox.eval('1+2', function(err, result){
    console.log('eval:',result)
  })

})

config

All config options are passed to iframe. See here for iframe config options.

var opts = {
  container: document.body,  
  src: urlOfBootstrappedIframe,  
}

IframeSandbox(opts, cb)

Bootstrapped iframe

To use a hosted, bootstrapped iframe, specify the url as the src config option. See here for more about using a bootstrapped iframe.

methods

eval

Evals js in the sandbox's context. Calls the callback with the error (as a string) or the result.

sandbox.eval( jsString, function(err, result){ /* ... */ } )

createWriteStream

Creates a WriteStream that writes to the document via document.write. Note: scripts written to the DOM wont be run until 'document.close()' is called, triggered by the end of the stream.

var ws = sandbox.createWriteStream()
somewhereAwesome.pipe(ws)

'message' event

Inside the sandbox context there is an extra exposed global sandboxMessage that will re-materialize objects in the main context and handle cross-context callbacks via dnode. Listen to the 'message' event in the main context to receive the messages

sandbox.on('message', function(arg1, arg2, ...){
  console.log(arguments)
})

sandbox.eval('sandboxMessage("hello", "world")')

notes

Writing external script tags to the document does not seem to work. The following will not load bundle.js.

var ws = sandbox.createWriteStream()
ws.write('<script src="bundle.js"></script>')
ws.end()