mirror of
https://github.com/apache/superset.git
synced 2026-04-23 01:55:09 +00:00
69195f8d2d
* Introduce Javascript controls This allows power-users to perform intricate transformations on data and objects using javascript code. The operations allowed are "sanboxed" or limited using node's vm `runInNewContext` https://nodejs.org/api/vm.html#vm_vm_runinnewcontext_code_sandbox_options For now I'm only enabling in the line chart visualization, but the plan would be to go towards offering more power to people who can write some JS moving forward. * Not applied
26 lines
913 B
JavaScript
26 lines
913 B
JavaScript
// A safe alternative to JS's eval
|
|
import vm from 'vm';
|
|
import _ from 'underscore';
|
|
|
|
// Objects exposed here should be treated like a public API
|
|
// if `underscore` had backwards incompatible changes in a future release, we'd
|
|
// have to be careful about bumping the library as those changes could break user charts
|
|
const GLOBAL_CONTEXT = {
|
|
console,
|
|
_,
|
|
};
|
|
|
|
// Copied/modified from https://github.com/hacksparrow/safe-eval/blob/master/index.js
|
|
export default function sandboxedEval(code, context, opts) {
|
|
const sandbox = {};
|
|
const resultKey = 'SAFE_EVAL_' + Math.floor(Math.random() * 1000000);
|
|
sandbox[resultKey] = {};
|
|
const codeToEval = resultKey + '=' + code;
|
|
const sandboxContext = { ...GLOBAL_CONTEXT, ...context };
|
|
Object.keys(sandboxContext).forEach(function (key) {
|
|
sandbox[key] = sandboxContext[key];
|
|
});
|
|
vm.runInNewContext(codeToEval, sandbox, opts);
|
|
return sandbox[resultKey];
|
|
}
|