Skip to content
This repository was archived by the owner on May 22, 2024. It is now read-only.

Latest commit

 

History

History
45 lines (37 loc) · 1.7 KB

play_with_keyword_restriction.md

File metadata and controls

45 lines (37 loc) · 1.7 KB

Tutorial - Play with Keyword Restriction

There are a set of keywords that cannot be used to prevent unexpected script execution behavior. E.g. async, await, Promise.

Sample Keyword - import

By default, keyword import is disallowed so that the script cannot reference any modules. If you check a script with keyword import in JavetSanitizerModuleChecker with the default option, you will get an error. You may create your own option with keyword import enabled and the same script will pass the check.

String codeString = "import { x } from 'x.mjs'; function main() {}";
// Check the script with the default option.
try {
    new JavetSanitizerModuleChecker().check(codeString);
} catch (JavetSanitizerException e) {
    System.out.println(e.getMessage());
    System.out.println(e.getContext());
}

System.out.println("----------------------------------------");

// Create a new option with keyword import enabled.
JavetSanitizerOption option = JavetSanitizerOption.Default.toClone()
        .setKeywordImportEnabled(true)
        .seal();
// Check the script with the new option.
try {
    new JavetSanitizerModuleChecker(option).check(codeString);
    System.out.println(codeString + " // Valid");
} catch (JavetSanitizerException e) {
    System.out.println(e.getMessage());
    System.out.println(e.getContext());
}

/*
Keyword import is not allowed.
Source Code: import { x } from 'x.mjs';
Line Number: 1, 1
Column: 0, 26
Position: 0, 26
----------------------------------------
import { x } from 'x.mjs'; function main() {} // Valid
*/

The complete code is at here.