Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

vm.createContext and inheritance #3884

Closed
jankuca opened this issue Aug 17, 2012 · 3 comments
Closed

vm.createContext and inheritance #3884

jankuca opened this issue Aug 17, 2012 · 3 comments
Labels
vm

Comments

@jankuca
Copy link

jankuca commented Aug 17, 2012

The VM context created via vm.createContext does only contain own keys of the object passed to it.

var a = { x: 1 };
var b = Object.create(a);

var ctx_a = vm.createContext(a);
var ctx_b = vm.createContext(b);

vm.runInContext('x', ctx_a); // 1
vm.runInContext('x', ctx_b); // ReferenceError: x is not defined

Is this the correct behavior? Is this to prevent functions such as hasOwnProperty to exist in the context?
@bnoordhuis
Copy link
Member

Is this the correct behavior? Is this to prevent functions such as hasOwnProperty to exist in the context?

Kind of. We use Object.getOwnPropertyNames(obj) to populate the VM context object. The idea is to stop evaluated code from (accidentally or intentionally) breaking out of the sandbox by walking the prototype chain.

@bnoordhuis
Copy link
Member

Let me add the caveat emptor that the vm module is not designed as a secure environment for running arbitrary code. It's a convenience tool for running trusted code in a clean slate environment.

@jankuca
Copy link
Author

jankuca commented Sep 4, 2012

OK, thanks. That's what I figured.

richardlau pushed a commit to ibmruntimes/node that referenced this issue Dec 17, 2015
domains: fix handling of uncaught exceptions
25cded4 
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process

Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.

Fixes nodejs#3607 and nodejs#3653.

PR: nodejs#3884
PR-URL: nodejs/node#3884
Reviewed-By: James M Snell <jasnell@gmail.com>
richardlau pushed a commit to ibmruntimes/node that referenced this issue Dec 18, 2015
@jasnell
domains: fix handling of uncaught exceptions
34e64e5 
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process

Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.

Fixes nodejs#3607 and nodejs#3653.

PR: nodejs#3884
PR-URL: nodejs/node#3884
Reviewed-By: James M Snell <jasnell@gmail.com>
richardlau pushed a commit to ibmruntimes/node that referenced this issue Dec 18, 2015
@jasnell
2015-12-17, Version 4.2.4 "Argon" (LTS) Release
ca439ce 
Maintenance Update

Notable changes

* Roughly 78% of the commits are documentation and test
  improvements
* domains:
  - Fix handling of uncaught exceptions (Julien Gilli)
    [nodejs#3884](nodejs/node#3884)
* deps:
  - Upgrade to npm 2.14.12 (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
  - Backport 819b40a from V8 upstream (Michaël Zasso)
    [nodejs#3938](nodejs/node#3938)
  - Updated node LICENSE file with new npm license (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
richardlau pushed a commit to ibmruntimes/node that referenced this issue Jan 11, 2016
@jasnell
2015-12-17, Version 4.2.4 "Argon" (LTS) Release
6fe5a18 
Maintenance Update

Notable changes

* Roughly 78% of the commits are documentation and test
  improvements
* domains:
  - Fix handling of uncaught exceptions (Julien Gilli)
    [nodejs#3884](nodejs/node#3884)
* deps:
  - Upgrade to npm 2.14.12 (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
  - Backport 819b40a from V8 upstream (Michaël Zasso)
    [nodejs#3938](nodejs/node#3938)
  - Updated node LICENSE file with new npm license (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
richardlau pushed a commit to ibmruntimes/node that referenced this issue Jan 11, 2016
@jasnell
domains: fix handling of uncaught exceptions
88e8d93 
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process

Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.

Fixes nodejs#3607 and nodejs#3653.

PR: nodejs#3884
PR-URL: nodejs/node#3884
Reviewed-By: James M Snell <jasnell@gmail.com>
richardlau pushed a commit to ibmruntimes/node that referenced this issue Jan 11, 2016
@jasnell
2015-12-23, Version 4.2.4 "Argon" (LTS) Release
13151aa 
Maintenance Update

Notable changes

* Roughly 78% of the commits are documentation and test
  improvements
* domains:
  - Fix handling of uncaught exceptions (Julien Gilli)
    [nodejs#3884](nodejs/node#3884)
* deps:
  - Upgrade to npm 2.14.12 (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
  - Backport 819b40a from V8 upstream (Michaël Zasso)
    [nodejs#3938](nodejs/node#3938)
  - Updated node LICENSE file with new npm license (Kat Marchán)
    [nodejs#4110](nodejs/node#4110)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
vm
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bnoordhuis @jankuca