简体繁体 English

Internet Explorer扩展（BHO）中的沙盒Javascript执行

[英]Sandboxed Javascript Execution in an Internet Explorer Extension (BHO)

原文 2010-01-08 18:22:53 1 4 javascript/ jquery/ internet-explorer/ sandbox/ bho

Firefox has the Sandbox and evalInSandbox(). Firefox有Sandbox和evalInSandbox（）。 Chrome has sandboxed execution in their content scripts (they call it isolated execution). Chrome在其内容脚本中具有沙盒执行（它们称之为独立执行）。 I'm looking for the same thing in an IE browser extension. 我在IE浏览器扩展中寻找相同的东西。

I can load a javascript file, then call evalScript(), but the code executes in the same environment as javascript that exists on the page. 我可以加载一个javascript文件，然后调用evalScript（），但代码在与页面上存在的javascript相同的环境中执行。 I need a way to run my library (which includes and is based on jQuery) in an sandboxed/isolated environment, but still allow it to modify the DOM as if it were running on the page. 我需要一种方法来运行我的库（包括并基于jQuery）在沙盒/隔离环境中，但仍然允许它修改DOM，就好像它在页面上运行一样。

Jint looks promising, but cannot currently evaluate jQuery. Jint看起来很有前途，但目前无法评估jQuery。 (They can parse it.) （他们可以解析它。）

How can I do this? 我怎样才能做到这一点？

4 个解决方案

Looks like you are in a pickle with this one. 看起来你和这个人在泡菜中。

Some Microsoft people say that IE doesn't offer this functionality 一些微软人说IE不提供此功能
Some who say they have been able to pull this off hold it close and protect it as their secret sauce 一些人说他们能够把它拉下来，把它关起来保护它作为他们的秘密酱
"Professional" IE extension shops, when contacted about building what you are talking about turn down the job “专业”IE扩展商店，当联系建立你正在谈论的事情时，拒绝工作

I really wish I had better news but it looks like it might take a small miracle to accomplish what you are looking for... or maybe a lot of money. 我真的希望我有更好的消息，但看起来可能需要一个奇迹来完成你正在寻找的东西......或者可能是很多钱。 : ) :)

Your best bet is probably going to be finding one of the few who claim they have been able to do it and pay them a lot to share the secret or reconsider why you really want what you want and see if you can't accomplish it another way. 你最好的选择可能是找到少数几个声称能够做到这一点的人之一并付出很多钱来分享这个秘密，或者重新考虑为什么你真的想要你想要的东西，看看你是否能够做到另一个办法。

You might find it worthwhile looking at the Microsoft Web Sandbox at the Live Labs: http://websandbox.livelabs.com/ 您可能会发现值得在Live Labs上查看Microsoft Web Sandbox： http ： //websandbox.livelabs.com/

Although it's more fully fledged and related to mashups and the like it might point you in the right direction. 虽然它更完全成熟并且与mashup等相关，但它可能会指向正确的方向。

Thing you are looking for is ActiveScript engine ( http://en.wikipedia.org/wiki/Active_Scripting ) 你正在寻找的是ActiveScript引擎（ http://en.wikipedia.org/wiki/Active_Scripting ）

I can`t find any usefull links now, MSDN contains only interfaces definition ( http://msdn.microsoft.com/en-us/library/ccd0zt2w(v=vs.85).aspx ) Try to Google "Active Scripting" (not "Action scripting"!) 我现在找不到任何有用的链接，MSDN只包含接口定义（ http://msdn.microsoft.com/en-us/library/ccd0zt2w(v=vs.85).aspx ）试试Google“Active Scripting” （不是“动作脚本”！）

You need to implement interface IActiveScriptHost in your extension, create an object of «JScript», call SetSite and pass your host object, then you can load your js code into this engine and run it. 您需要在扩展中实现接口IActiveScriptHost，创建一个«JScript»对象，调用SetSite并传递您的主机对象，然后您可以将您的js代码加载到此引擎并运行它。

This technique is a quite difficult due to lack of documentation about it. 由于缺乏关于它的文档，这种技术非常困难。 If you are still interested in this, I can send you some examples in C++/ATL. 如果你仍然对此感兴趣，我可以用C ++ / ATL向你发送一些例子。

Can you elaborate on your goals a bit? 你能详细说明一下你的目标吗？

I don't think you've clearly defined what you're trying to accomplish. 我认为你没有明确定义你想要完成的任务。 If your code has the ability to modify the page's DOM, then it effectively is executing in the context of the page. 如果您的代码能够修改页面的DOM，那么它实际上是在页面的上下文中执行。 It can create new script blocks to perform any unsafe or unreliable action that it could accomplish were it operating in the same execution environment. 它可以创建新的脚本块来执行在同一个执行环境中运行时可以完成的任何不安全或不可靠的操作。

IE doesn't offer a feature to do what you're asking, and I'm not convinced that the Firefox and Chrome features work the way that you expect that they do. IE没有提供一个功能来执行您所要求的功能，而且我不相信Firefox和Chrome功能会按照您期望的方式运行。