-
Notifications
You must be signed in to change notification settings - Fork 7
Home
Except for the contents of the global object (like Array, Function, etc.), each plugin receives its own context in which to assign variables.
The require function presents a bit of a challenge which must be worked around, though.
Namely, a required module is loaded in the same context as the caller of require.
Additionally, since the require method of the main module is passed into the wrapper, code required from sandboxed code will be run in the top-level context!
The way around that is to patch require so that it loads the new module in an existing sandbox.
As an extra measure of safety, some "dangerous" methods attached to the process object are disabled.
Dangerous, here, is defined as changing the operation of other plugins running under the same host.
While a solution would be to run each plugin in its own process, this introduces the overhead of IPC, so it would be preferable to find a solution/workaround in the plugin code, itself.