-
Notifications
You must be signed in to change notification settings - Fork 468
Contributing
Patrik Simek edited this page Jun 17, 2016
·
16 revisions
Contributions are very welcome! I will happily accept your pull request if it:
- has tests
- looks reasonable
- does not break backwards compatibility
## Security notes
- Every object/function you pass to sandbox must be contextified. Every object/function you receive from sandbox must be decontextified.
- Every function you call cross-sandbox must be wrapped into
try/catchand caught error must be contextified or decontextified. - Internals must not use any of sandbox's globals (
Object,WeakMap, etc). Host's globals must be used instead. One exception isReflectbecause it changes context of arguments array to it's context. - Almost everything in sandbox can be messed up so use
host.Reflect.apply(host.Array.prototype.map, [], Decontextify.arguments([method]))rather than[].map(method).