Javascript-如何安全地评估表达式以实现自动完成？

Question

I'm adding an auto-complete feature to my javascript console (the script is running on a remote browser).

My approach is to evaluate the expression where the caret is, and if the evaluation yield an object - suggest it's list of properties for auto-complete. For instance (where | is the caret position):

document.|

in this case I evaluate var evalExp = document; then iterate it's members for (var prop in evalExp) to create a list of auto-complete suggestions.

The problem is, if the expression I'm evaluating contains functions or assignments, such as:
count++ ,
e.click() or
alert('Some message') ,
I wouldn't want it to be executed, since it changes the browsers state instead of just evaluating and returnning an object.

Therefore, I want to avoid evaluating any expressions if they call functions, or if they contain assignment operators.

Questions:

Are there any other kinds of expressions I should avoid evaluating?

What alternative ways are there to create the suggestion list?

Answer 1

One alternative way to create the suggestion list is to get the object model as a string, split by periods, and loop over the last object's properties. For example...

var line = "document.body.getElementsBy",
objs = line.replace(/[\(\{\[]+.*?[\)\}\]]+/g, '').split(/[^\w\-]/),
lastObj = objs[objs.length - 1],
currentObj = window,
i = 0;

if (objs[0] === 'window') {
    objs.splice(0, 1);
}

objs.splice(-1, 1);

while (currentObj.hasOwnProperty(objs[i])) {
    currentObj = currentObj[objs[i++]];
}

for (var prop in currentObj) {
    if (prop.indexOf(lastObj) === 0) {
        console.log('Auto complete:', lastObj, 'with', prop);
    }
}

/* Outputs:
Auto complete: getElementsBy with getElementsByTagName
Auto complete: getElementsBy with getElementsByTagNameNS
Auto complete: getElementsBy with getElementsByClassName
*/

Your final code will be more complex but that's the general idea.