
Enhance command parser

Open pgross41 opened this issue 4 years ago • 2 comments

The console uses parseCommand to support reading and assigning variables, but functionality is very limited as it is not a true command parser. Opting not to use Function because executing unchecked user input poses security concerns.

This is a solution that uses Function with an allowlist strategy so that only supported members on window can be executed: https://stackoverflow.com/a/46374395

This is ideal as it would allow debugging with Intl, which has been a common cause of issues in embedded IE.

pgross41, Jun 30 '20 19:06

The Stack Overflow option above is useless. This or something like it seems better: https://github.com/asvd/jailed Demo site: http://asvd.github.io/jailed/demos/web/console/

pgross41, Aug 13 '20 07:08

Or run in a sandboxed iframe https://stackoverflow.com/a/26488003

pgross41, Aug 13 '20 07:08
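
The issue description keeps to a limited parser that only reads and assigns variables rather than handing input to Function. A sketch of that approach follows as an added example; it is not f-twelve's parseCommand and not part of the thread. The name `runCommand`, the JSON-literal rule for values, the blocked key list and the sample scope are assumptions.

```javascript
// Hypothetical restricted console parser (assumption, not f-twelve's code).
// Supports only "a.b.c" (read) and "a.b.c = <JSON literal>" (assign).
// Input is never compiled or evaluated, so calls and operators are rejected.
const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);
const IDENT = /^[A-Za-z_$][\w$]*$/;

function parsePath(text) {
  const keys = text.trim().split('.').map((k) => k.trim());
  for (const key of keys) {
    // Anything that is not a plain identifier (e.g. "alert(1)") stops here.
    if (!IDENT.test(key)) throw new SyntaxError(`Unsupported expression: ${text.trim()}`);
    // Keys that reach the prototype chain would allow prototype pollution.
    if (BLOCKED.has(key)) throw new Error(`Access to "${key}" is not allowed`);
  }
  return keys;
}

function runCommand(input, scope) {
  const eq = input.indexOf('=');
  const keys = parsePath(eq === -1 ? input : input.slice(0, eq));
  // Walk to the object that owns the final key.
  let target = scope;
  for (const key of keys.slice(0, -1)) {
    target = target == null ? undefined : target[key];
  }
  if (target == null) throw new TypeError(`Cannot resolve ${keys.join('.')}`);
  const last = keys[keys.length - 1];
  if (eq === -1) return target[last]; // read
  // Assigned values are data only: JSON.parse accepts literals, never code.
  let value;
  try {
    value = JSON.parse(input.slice(eq + 1));
  } catch {
    throw new SyntaxError('Value must be a JSON literal');
  }
  target[last] = value;
  return value;
}

// Constructed sample scope standing in for window.
const demoScope = { config: { debug: false, locale: 'en-US' } };
console.log(runCommand('config.locale', demoScope));
console.log(runCommand('config.debug = true', demoScope));
for (const bad of ['config.__proto__.polluted = true', 'config.debug = alert(1)']) {
  try { runCommand(bad, demoScope); } catch (e) { console.log(`${e.name}: ${e.message}`); }
}
```

Because nothing is compiled, expressions such as method calls are refused, which is the limitation the issue describes and the reason the later comments look at sandboxed execution instead.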