如何安全地运行/包含/需要远程 javascript?
[英]How do I run/include/require remote javascript safely?
问题描述
Suppose I have an API for my bakery.
假设我的面包店有一个 API。 I want to receive my baking instructions from a remote URL (ex: a gist)我想从远程 URL 接收我的烘焙说明(例如:要点)
class Bakery{
static bake(instructionsURL){
const workers = ['bob','betty'];
//const followInstructions = getFromURL(instructionsURL); //need help here
const product = followInstructions(workers);
console.log(product);
}
}
I'd like to make sure the instructions are contained so that I don't risk the rest of my code.我想确保包含说明,以免我的代码的其余部分冒险。 I would like to do something like a module require or import.我想做一些像模块需要或导入的事情。 I can't find a solution where I don't have to blindly execute unknown code...我找不到不需要盲目执行未知代码的解决方案......
1 个解决方案
解决方案1
0 2019-01-15 20:59:04
You should execute the code in a sandboxed iframe on an external domain, exactly like what StackOverflow does to handle running untrusted code in its snippets feature.您应该在外部域的沙盒 iframe 中执行代码,就像StackOverflow在其片段功能中处理运行不受信任的代码一样。
Do note that very old browsers (think before IE11) do not support sandboxed iframes.请注意,非常旧的浏览器(想想 IE11 之前)不支持沙盒 iframe。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.