ShadowFunction
Secure and controlable embedded third-party code for your website.
gitbook: https://shadow-function.gitbook.io
Install:
$ npm install shadow-
Test
Running demo:
$ npm start
Simulate the ISV code for security testing under demo/test.js.
Start
ShadowFunction
Simple example:
'console.log(a + b)' a: 1 b: 2 console // 3
Operational authority configuration:
let shadowFunctionshadowFunction = Node: 'nodeName' 'nodeType' 'textContent' Element: 'style' 'onblur' 'onfocus' 'onscroll' 'offsetWidth' 'offsetHeight' 'clientWidth' 'clientHeight' 'innerText' 'setAttribute' 'removeAttribute' 'createTextNode' 'addEventListener' 'getElementsByTagName' HTMLDivElement: document
Prototype chain restriction
'console.log(a.prototype)' console a: {} // undefined'console.log(a.valueOf.__proto__)' console a: {} // undefined
ShadowDocument
Secure and controllable method of creating nodes.
'console.log(a + b)'a: 1 b: 2 console // 3let shadowDocumentFn = documentbody '<div>123</div>' console
Safe jsonp