Secure and controlable embedded third-party code for your website.
gitbook: https://shadow-function.gitbook.io
$ npm install shadow-function --save
Running demo:
$ npm start
Simulate the ISV code for security testing under demo/test.js.
Simple example:
import { ShadowFunction, ShadowDocument } from 'shadow-function'
new ShadowFunction('console.log(a + b)')({
a: 1,
b: 2,
console
}) // 3
Operational authority configuration:
let shadowFunction
shadowFunction = new ShadowFunction({
Node: [
'nodeName',
'nodeType',
'textContent'
],
Element: [
'style',
'onblur',
'onfocus',
'onscroll',
'offsetWidth',
'offsetHeight',
'clientWidth',
'clientHeight',
'innerText',
'setAttribute',
'removeAttribute',
'createTextNode',
'addEventListener',
'getElementsByTagName'
],
HTMLDivElement: []
})
shadowFunction(`
document.appendChild(document.createElement("div"))
`)({
document
})
Prototype chain restriction
new ShadowFunction('console.log(a.prototype)')({
console,
a: {}
}) // undefined
new ShadowFunction('console.log(a.valueOf.__proto__)')({
console,
a: {}
}) // undefined
Secure and controllable method of creating nodes.
import { ShadowFunction, ShadowDocument } from 'shadow-function'
new ShadowFunction('console.log(a + b)')({a: 1, b: 2, console}) // 3
let shadowDocumentFn = new ShadowDocument(document.body, '<div>123</div>')
shadowDocumentFn(`
document.body.append($template.content);
console.log(document.body.getElementsByTagName("div")[0].innerText)
`)({
console
})
import { jsonp } from 'shadow-function'
jsonp({
url: "http://suggest.taobao.com/sug?code=utf-8&q=iphoneX"
}).then((data) => {
console.log("jsonp:", data)
})