11
11
JavaScript code can be compiled and run immediately or compiled, saved, and run later.
15
The `vm` module has many known issues and edge cases. If you run into
16
issues or unexpected behavior, please consult [the open issues on
17
GitHub](https://github.com/joyent/node/issues?labels=vm&state=open).
18
Some of the biggest problems are described below.
22
The `sandbox` argument to `vm.runInNewContext` and `vm.createContext`,
23
along with the `initSandbox` argument to `vm.createContext`, do not
24
behave as one might normally expect and their behavior varies
25
between different versions of Node.
27
The key issue to be aware of is that V8 provides no way to directly
28
control the global object used within a context. As a result, while
29
properties of your `sandbox` object will be available in the context,
30
any properties from the `prototype`s of the `sandbox` may not be
31
available. Furthermore, the `this` expression within the global scope
32
of the context evaluates to the empty object (`{}`) instead of to
35
Your sandbox's properties are also not shared directly with the script.
36
Instead, the properties of the sandbox are copied into the context at
37
the beginning of execution, and then after execution, the properties
38
are copied back out in an attempt to propagate any changes.
42
Properties of the global object, like `Array` and `String`, have
43
different values inside of a context. This means that common
44
expressions like `[] instanceof Array` or
45
`Object.getPrototypeOf([]) === Array.prototype` may not produce
46
expected results when used inside of scripts evaluated via the `vm` module.
48
Some of these problems have known workarounds listed in the issues for
49
`vm` on GitHub. for example, `Array.isArray` works around
50
the example problem with `Array`.
14
52
## vm.runInThisContext(code, [filename])
95
133
// { animal: 'cat', count: 3, name: 'CATT' }
97
135
Note that `createContext` will perform a shallow clone of the supplied sandbox object in order to
98
initialise the global object of the freshly constructed context.
136
initialize the global object of the freshly constructed context.
100
138
Note that running untrusted code is a tricky business requiring great care. To prevent accidental
101
139
global variable leakage, `vm.runInContext` is quite useful, but safely running untrusted code