Preface:
I have an app where I want to allow users to enter mostly mathematical code to create a simulation. It currently uses mathjs to evaluate code snippets, but without control statements it’s a bit inflexible. Even allowing a user to import arbitrary code and inject it into mathjs is somewhat obtuse. What I’d like is something that is relatively robust against accidental mistakes by non-malicious users.
Both mathjs and scraggy do this by walking parsed syntax trees with optional contexts passed in to provide free variable scopes. That seems to incur a large runtime overhead though, so I’ve worked out an alpha alternative based on with statements and a Proxy’d Map-like object, and I’m hoping to get some constructive criticism about performance and relative safety.
Here was my intent:
- prevent any writes to the globalThis, but allow access to global objects.
- allow ‘scoped’ contexts (I only need 3 deep). implementation below is derived from mathjs
- if a free variable is not found in any scope, create it in the current scope, otherwise update it in the scope its in.
Some lingering uncertainties:
- I’m currently not parsing the content of the code snippets at all to remove bad stuff, but I’m also thinking that may not be required.
- I don’t think I understand whether the [Symbol.unscopables] symbol would help protect me or help me shoot myself. I’d like to prevent someone from accidentally overwriting my Proxy’d object properties – is that the way to do that? Do I do that in the Proxy or the object?
- I haven’t yet done performance tests, but the Proxy certainly involves some overhead.
Here’s the underlying Map-like class:
class MapScope {
constructor (parent=null) {
this.localMap = new Map()
this.parentScope = parent;
}
has (key) {
return this.localMap.has(key) ? true : this.parentScope?.has(key) ?? false;
}
get (key) {
return this.localMap.get(key) ?? this.parentScope?.get(key)
}
set (key, value) {
const iGetIt = ! this.parentScope?.has(key) || this.localMap.has(key);
return iGetIt ? this.localMap.set(key, value) : this.parentScope.set(key, value);
}
keys () {
if (this.parentScope) {
return new Set([...this.localMap.keys(), ...this.parentScope.keys()])
} else {
return this.localMap.keys()
}
}
size() { return this.localMap.size();}
forEach(cb, thisArg=this.localMap) {
this.localMap.forEach(cb, thisArg);
}
delete (key) {
// return false;
return this.localMap.delete(key)
}
deleteProperty (p) {
//return false;
return this.localMap.delete(p)
m }
clear () {
return this.localMap.clear()
}
toString () {
return this.localMap.toString()
}
}
Here’s the traps object for the Proxy:
var mapTraps = {
// This says that variables in the local scope shadow the global ones
// and that any new variables will be in the local scope
has(target, key) {
console.log(`called: has(..., ${key})`);
if (key in globalThis && ! target.has(key)) {
return false;
}
return true;
},
get(target,key,receiver) {
if (!target.has(key)) {
if (key in globalThis) {
console.log(`get ${key.toString()} from globalThis`);
return globalThis[key];
} else {
return undefined;
}
}
console.log(`get ${key.toString()} from target`);
return target.get(key);
},
//
set(target, key, val){
console.log(`called: set(..., ${key.toString()})`);
return target.set(key,val);
}
}
Here’s how you put these two together – vars because noodling in Node:
var mscope = new MapScope()
var nscope = new MapScope(mscope)
var rscope = new MapScope(nscope)
var mproxy = new Proxy(mscope, mapTraps)
var nproxy = new Proxy(nscope, mapTraps)
var rproxy = new Proxy(rscope, mapTraps)
So mscope is the toplevel scope, nscope is between it and rscope.
Testing looks like this:
with (mproxy) {t = 0}
--> 0
with (mproxy) {t += 2 * Math.random()}
--> 1.75....
with(rproxy) {t<5}
--> true
with(nproxy) {t<5}
--> true
The intended use though is to use these functions to create runtime functions to run user code in the appropriate scope. See: Changing function’s scope for a similar solution or the MDN write-ups on the with statement and Proxy.
function compileSnippet(exp) {
return new Function ("fscope", `
with(fscope) {
return ${exp} ;
}
`);
}
var startFn = compileSnippet(startExpr);
var startEachFn = compileSnippet(startEachExpr);
// evaluate in scope - typically for side-effect
startFn(nproxy)
...
startEachFn(nproxy)
...
// endEachFn and endFn also