[英]What exactly does runInNewContext do?
I am currently learning some code-base, and it has used runInNewContext
more often, I tried looking up for but there is no proper definition. 我目前正在学习一些代码库,并且它经常使用
runInNewContext
,我试着查找但是没有正确的定义。
Reading the official docs specifies, all I could understand is the code
is complied into the sandbox
specified. 阅读官方文档指定,我所能理解的是
code
被code
到指定的sandbox
中。 What exactly does that mean, for example, there is a bit of code in the code-base that goes something like: 究竟是什么意思,例如,代码库中有一些代码如下:
request(url, function(error, response, body) {
var subject = {}
try
vm.runInNewContext(body, subject, url);
deferred.resolve(subject);
catch _error
console.log(_error);
}
What exactly happens here is confusing me. 这里到底发生了什么使我感到困惑。
Seeing this, I tried to toy around by passing a different object instead of body, but it spits out "Unexpected identifier". 看到这个,我试图通过传递一个不同的物体而不是身体玩弄它,但它吐出“意外的标识符”。
runInNewContext
creates a new "context" or "sandbox" in which the code runs. runInNewContext
创建一个新的“上下文”或“沙箱”,代码在其中运行。
Say, for example, you have a chunk of code you want to run, which is loaded as a string. 例如,假设您有一大堆要运行的代码,它们将作为字符串加载。 Just
eval
-ing the string can be dangerous, and gives you little control over what variables and globals this code has. 只是对字符串进行
eval
可能很危险,并且几乎无法控制此代码所具有的变量和全局变量。
So, instead, you can create a sandbox, a new context, in which this code can be run. 因此,您可以创建一个沙箱,一个新的上下文,可以在其中运行此代码。 Further, you can "preset" variables that you want available, whether as contexts or as a way to pass things into the context.
此外,您可以“预设”您想要的变量,无论是作为上下文还是将事物传递到上下文中。
So say your code looks like this: 所以说你的代码看起来像这样:
var code = "var add = function(a,b){return a + b;}; add(one,two);";
This is a function, defined in a string, that adds two numbers, and then actively adds one
and two
. 这是一个函数,在字符串中定义,添加两个数字,然后主动添加
one
和two
。 What are one
and two
? 什么是
one
和two
? Right now they are undefined. 现在他们是未定义的。 But if you run it in a new context, you can (reasonably) safely run the string code and even define
one
and two
: 但是如果你在新的上下文中运行它,你可以(合理地)安全地运行字符串代码甚至定义
one
和two
:
vm.runInNewContext(code,{one:1,two:2});
which will cause the code to run and add(1,2)
. 这将导致代码运行并
add(1,2)
。 A more useful example might be to save it. 一个更有用的例子可能是保存它。
var result = 0, code = "var add = function(a,b){return a + b;}; result = add(one,two);";
vm.runInNewContext(code,{one:1,two:2,result:result});
console.log(result); // spits out 3
Notice that we created a variable result
in our sandbox context, so that the code in code
could set it. 请注意,我们在沙箱上下文中创建了一个变量
result
,以便代码中的code
可以设置它。
I used it in cansecurity's declarative authorization, where you can set an expression to be evaluated and the output will only pass if the result is true
. 我在cansecurity的声明性授权中使用它,您可以在其中设置要评估的表达式,并且只有在结果为
true
时才输出输出。 https://github.com/deitch/cansecurity look at https://github.com/deitch/cansecurity/blob/master/lib/declarative.js#L96 https://github.com/deitch/cansecurity查看https://github.com/deitch/cansecurity/blob/master/lib/declarative.js#L96
In that case, I actually take the result. 在那种情况下,我实际上取得了结果。 For example, my code might be
例如,我的代码可能是
var str = "user.id === req.user || user.role === 'admin'";
var authorized = vm.runInNewContext(str,{user:{id:"10",name:"John"},user:{role:"member",id:"10"}, req:{user:"20"}});
console.log(authorized); // spits out false, because user.id !== req.user, and user.role !== "admin"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.