Helma Logo
main list history

Sandboxes

One cool new feature the helma.system module provides is the createSandbox() function to create JavaScript sandboxes. It allows you to set up an isolated JavaScript environment with its own module search path and global object. Optionally, you can inject global properties, restrict access to Java objects using a ClassShutter, and seal the global object.

The following code shows how to set up a sandbox with the directory some/dir as only module path and pass it the require() function from our host environment:

  include("helma/system");
  var sandbox = createSandbox("some/dir", {require: require});
  sandbox.runScript("test.js"); 

The createSandbox() function tries to evaluate a file called global.js to initialize the sandbox's global object. Optionally, the global object can be sealed after global.js has been run. The following code shows how to do that and also creates a sandbox that prevents any access to java objects.

  var classShutter = function(classname) { return false; };
  var sandbox = createSandbox('some/dir', {require: require},
                              classShutter, true); 

Note that the require function we pass to the sandbox is not affected by the ClassShutter since it is defined in the outer trusted host environment.

Links to this page: helma.system