What exactly does runInNewContext do?

I am currently learning a code-base that uses runInNewContext quite often. I tried looking it up, but there is no proper definition.

Reading the official docs, all I could understand is that the code is compiled into the sandbox specified. What exactly does that mean? For example, there is a bit of code in the code-base that goes something like:

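var vm = require('vm');

request(url, function(error, response, body) {
  var subject = {};
  try {
    // Run the fetched response body as code; its globals land on `subject`.
    vm.runInNewContext(body, subject, url);
    deferred.resolve(subject);
  } catch (_error) {
    console.log(_error);
  }
});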

What exactly happens here is confusing me.

Seeing this, I tried to toy around by passing a different object instead of body, but it spits out "Unexpected identifier".

runInNewContext creates a new "context" or "sandbox" in which the code runs.

Say, for example, you have a chunk of code you want to run, which is loaded as a string. Just eval-ing the string can be dangerous, and gives you little control over what variables and globals this code has.

So, instead, you can create a sandbox, a new context, in which this code can be run. Further, you can "preset" variables that you want available, whether as contexts or as a way to pass things into the context.

So say your code looks like this:

var code = "var add = function(a,b){return a + b;}; add(one,two);";

This is a function, defined in a string, that adds two numbers, and then actively adds one and two. What are one and two? Right now they are undefined. But if you run it in a new context, you can (reasonably) safely run the string code and even define one and two:

var vm = require('vm');
vm.runInNewContext(code,{one:1,two:2});

which will cause the code to run and add(1,2). A more useful example might be to save it.

var sandbox = {one:1,two:2,result:0}, code = "var add = function(a,b){return a + b;}; result = add(one,two);";
vm.runInNewContext(code,sandbox);
// Globals the code assigns land on the sandbox object, so read the result from there.
console.log(sandbox.result); // spits out 3

Notice that we created a variable result in our sandbox context, so that the code in code could set it.

I used it in cansecurity's declarative authorization, where you can set an expression to be evaluated and the output will only pass if the result is true. https://github.com/deitch/cansecurity look at https://github.com/deitch/cansecurity/blob/master/lib/declarative.js#L96

In that case, I actually take the result. For example, my code might be

var str = "user.id === req.user || user.role === 'admin'";
var authorized = vm.runInNewContext(str,{user:{id:"10",name:"John",role:"member"}, req:{user:"20"}});
console.log(authorized); // spits out false, because user.id !== req.user, and user.role !== "admin"
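
An added example (not part of the original answer and not cansecurity's code): one way to evaluate a rule expression like the one above so that it fails closed. The helper name `evaluateRule`, the sample data and the 50 ms limit are assumptions; the Node.js documentation states that the vm module is not a security mechanism, so this fits expressions you author yourself, not untrusted code such as a fetched `body`.

```javascript
const vm = require('vm');

// Hypothetical helper: evaluate a rule expression and fail closed.
function evaluateRule(expression, data, timeoutMs = 50) {
  // Hand the expression a JSON copy, so nothing it assigns reaches the
  // caller's objects and only plain data (no functions) enters the context.
  const sandbox = JSON.parse(JSON.stringify(data));
  try {
    const result = vm.runInNewContext(expression, sandbox, { timeout: timeoutMs });
    // Only the boolean true authorizes; truthy strings or objects do not.
    return { allowed: result === true, reason: null };
  } catch (err) {
    // Syntax errors, undefined names and timeouts all end in a denial.
    return { allowed: false, reason: err.code || err.name };
  }
}

// Constructed sample data, shaped like the answer's example.
const data = { user: { id: '10', role: 'member' }, req: { user: '20' } };
const rules = [
  "user.id === req.user || user.role === 'admin'", // the answer's rule
  'user.role',                                       // truthy, but not true
  'usr.id === req.user',                             // typo: ReferenceError
  "(user.role = 'admin', false)",                    // writes only to the copy
  'for (;;) {}',                                     // never returns: timeout
];
for (const rule of rules) {
  console.log(rule, '->', evaluateRule(rule, data));
}
```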
