JS Sandboxing in your Browser without XSS https://sandboxjs.foo/docs/

SandboxJS

A JS Sandboxing Utility utilizing iframes (and your browser's iframe sandbox) and postMessage.

A quick note

Data inside the sandbox iframe cannot be trusted, because any site can write to it. Do not store data there; it is not a trusted environment.

Also, do not run this on any domain that holds sensitive information, or on a subdomain of such a domain. Outside of testing, the best plan of action is to just use the dedicated domain sandboxjs.foo.

Creating a sandbox

<script type="module">
  // The library is also exposed as window.SandboxJS. On CommonJS, use https://sandboxjs.foo/lib/lib.cjs alongside the window object.
  import SandboxJS from 'https://sandboxjs.foo/lib/lib.mjs';
  (async () => {
    // init() resolves when the iframe is loaded and ready to go; call it before any other method. Chaining it is optional.
    const sbx = await new SandboxJS().init();
    // Alerts 'https://sandboxjs.foo/' and returns 'Hi from https://sandboxjs.foo/'.
    const returnValue = await sbx.run('alert(window.location.href);\nreturn `Hi from ${window.location.href}`;');
  })();
</script>
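
The general pattern a host page follows when it accepts postMessage replies from a sandbox iframe, as an added example that is not SandboxJS's own code. The message shape `{ id, ok, value }` and the names `createReplyGate`, `expect` and `handle` are assumptions made for illustration, not the library's wire format.

```javascript
// Added example: host-side gate for replies posted back by a sandbox iframe.
// Assumed (hypothetical) reply shape: { id: string, ok: boolean, value: any }.
// If the frame runs with an opaque origin, event.origin is the string 'null'
// and the event.source check is the one that identifies the sender.
const SANDBOX_ORIGIN = 'https://sandboxjs.foo'; // dedicated sandbox domain named on this page

function createReplyGate(sandboxWindow, sandboxOrigin = SANDBOX_ORIGIN) {
  const pending = new Map(); // request id -> { resolve, reject }
  let nextId = 0;

  return {
    // Register a request. The caller posts { id, code } to the iframe itself.
    expect() {
      const id = `req-${++nextId}`;
      const promise = new Promise((resolve, reject) => {
        pending.set(id, { resolve, reject });
      });
      return { id, promise };
    },

    // Feed every 'message' event here. Returns true only if it settled a request.
    handle(event) {
      if (event.origin !== sandboxOrigin) return false; // sent from another origin
      if (event.source !== sandboxWindow) return false; // not our iframe's window
      const msg = event.data;
      if (msg === null || typeof msg !== 'object') return false;
      if (typeof msg.id !== 'string' || !pending.has(msg.id)) return false; // unknown or repeated id
      const { resolve, reject } = pending.get(msg.id);
      pending.delete(msg.id); // exactly one reply per request
      if (msg.ok === true) resolve(msg.value); // the value itself is still untrusted data
      else reject(new Error('sandboxed code reported a failure'));
      return true;
    },
  };
}
```

In a browser the gate is wired up with `window.addEventListener('message', (e) => gate.handle(e))`, passing `iframe.contentWindow` as `sandboxWindow`. Passing these checks only identifies the sender; the returned value should still be validated and rendered as text, since the sandbox is not a trusted environment.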

Further Documentation

Docs