New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for running vm2 in browser #85
Comments
A somewhat hacky solution could involve AST rewriting to manually wrap each property access. For instance, Here is an example of AST rewriting, where function call nodes are wrapped in nodes like this. The disadvantages to this approach are that you can't easily debug the rewritten code, and that it takes some workarounds to deal with Function, eval and the like. |
I think the only way is very heavyweight that is to basically interpret JS yourself, or to replace Functions constructions with a custom implementation (such as inject variable and parse content). This method would be very hard to implement. Variable deletion is impossible due to variables like |
@io4, replacing Function, eval and the like at runtime is certainly possible with AST rewriting and it's not terribly difficult either. However, it does incur a heavy performance hit, both at "compile time" since you have to rewrite literally every function call and at runtime since function calls have to go through one layer of indirection. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Please don't close, this is a relevant issue. |
I'm thinking about using web workers to get vm2 working in browsers. I'll give it a shot. |
Maybe you can put it inside a sandboxed iframe as well. That way if it escapes, it's still restricted to the frame and cannot navigate the top level browsing context. |
The status is we can't use web workers because they don't share a memory with the host. I was testing the sandboxed iframe, but no success there either. Without the |
What kind of error did it give you? Did it need to access a variable? Was it missing a library? Any data that could be retrieved by exchanging messages between iframes? |
#227 is of interest, especially since Realms was mentioned specifically for browser sandboxing. |
I did try to fix the access to window with the same trick as realms-shim does. |
@patriksimek to get around the
|
I don't know of a way to observe |
Hi |
Working as a module: added |
Is support for vm2 in browser an actual thing or I need to use that long time branch ? |
As far as I know running the master branch in a browser is not safe due to access to the window global. There is a branch with browser support, however, it is outdated and insecure. |
This article from figma can help you https://www.figma.com/blog/how-we-built-the-figma-plugin-system/ |
https://github.com/sablejs/sablejs can be an alternative that can run in the nodejs and browser.
|
Branch: https://github.com/patriksimek/vm2/tree/feature-browsers
Library: https://github.com/patriksimek/vm2/blob/feature-browsers/dist/vm2.js
Usage
Issues
window.top
.TODO
NodeVM
from browser version.BrowserVM
to browser version with browser related features.The text was updated successfully, but these errors were encountered: