A brief discussion on several ways to implement front-end JS sandbox

Preface
iframe implements sandbox
Implementing sandbox using diff method
Implementing a single instance sandbox based on a proxy
Implementing multi-instance sandbox based on proxy
Conclusion
refer to

Preface

In the field of micro frontends, sandbox is a very important thing. For example, the micro-frontend framework single-spa does not implement the js sandbox. When we build large-scale micro-frontend applications, it is easy to cause some variable conflicts, which poses a huge risk to the reliability of the application. In micro frontends, there are some global objects that need to be shared among all applications, such as document, location, and other objects. During the development of sub-applications, multiple teams may be working on it, and it is difficult to restrict them from using global variables. Some pages may have multiple different sub-applications, requiring us to support multiple sandboxes, and each sandbox needs to have the ability to load, unload, and restore.

iframe implements sandbox

In the front end, there is a relatively important HTML tag iframe. In fact, we can use the iframe object to take out the native browser object through contentWindow. This object naturally has all the properties and is isolated from the main application environment. Let's look at the code below

let iframe = document.createElement('iframe',{src:'about:blank'});
document.body.appendChild(iframe);
const sandboxGlobal = iframe.contentWindow;

Note: Only ifame in the same domain can retrieve the corresponding contentWindow. The iframe's src is set to about:blank, which can ensure that it is in the same domain and no resource loading will occur. Refer to iframe src

In the preface, we mentioned that in addition to having an isolated window environment, the micro front end actually needs to share some global objects. At this time, we can use a proxy to achieve this. Let's look at the code below

class SandboxWindow {
    /**
     * Constructor * @param {*} context The object to be shared * @param {*} frameWindow The window of the iframe
     */
    constructor(context, frameWindow) {
        
        return new Proxy(frameWindow, {
            get(target, name) {
                if (name in context) { // Use shared objects first return context[name];
                }
                return target[name];
            },
            set(target, name, value) {
                if (name in context) { // Modify the value of the shared object return context[name] = value;
                }
                target[name] = value;
            }
        })
    }
}

// Variables that need to be shared globally const context = { document:window.document, history:window.history }

// Create a sandbox const newSandboxWindow = new SandboxWindow(context, sandboxGlobal); 

// Determine whether the object on the sandbox is equal to the global object console.log('equal',newSandboxWindow.document === window.document)

newSandboxWindow.abc = '1'; //Add properties to the sandbox console.log(window.abc); //View properties globally console.log(newSandboxWindow.abc) //View properties on the sandbox

Let's run it and see the results

Above, we can use the iframe sandbox to achieve the following features:

Isolation of global variables, such as setTimeout, location, and different versions of react
Routing isolation: applications can implement independent routing or share global routing
Multiple instances, multiple independent micro applications can run simultaneously

Implementing sandbox using diff method

In browsers that do not support proxies, we can practice sandboxing through diff. When the application is running, a snapshot window object is saved, and all the properties of the current window object are copied to the snapshot object. When the sub-application is uninstalled, the window object is modified to make a diff, and the different properties are saved in a modifyMap. When it is mounted again, these modified properties are added. The code is as follows:

class DiffSandbox {
  constructor(name) {
    this.name = name;
    this.modifyMap = {}; //Store modified properties this.windowSnapshot = {};
  }
  active() {
    // Cache active state sandbox this.windowSnapshot = {};
    for (const item in window) {
      this.windowSnapshot[item] = window[item];
    }

    Object.keys(this.modifyMap).forEach(p => {
      window[p] = this.modifyMap[p];
    })

  }

  inactive() {
    for (const item in window) {
      if (this.windowSnapshot[item] !== window[item]) {
        //Record changes this.modifyMap[item] = window[item];
        // Restore window
        window[item] = this.windowSnapshot[item];
      }
    }
  }
}

const diffSandbox = new DiffSandbox('diff sandbox');
diffSandbox.active(); // Activate the sandbox window.a = '1'
console.log('Open sandbox:',window.a);
diffSandbox.inactive(); //Deactivate sandbox console.log('Deactivate sandbox:', window.a);
diffSandbox.active(); // Reactivate console.log('Activate again', window.a);

Let's run it and see the results

This method also cannot support multiple instances because all properties are saved on the window during runtime.

Implementing a single instance sandbox based on a proxy

In ES6, we can hijack objects through proxies. The basic record is also recorded through the modification of the window object. These records are deleted when the application is uninstalled and restored when the application is activated again to achieve the purpose of simulating the sandbox environment. The code is as follows

// Public method to modify window properties const updateWindowProp = (prop, value, isDel) => {
    if (value === undefined || isDel) {
        delete window[prop];
    } else {
        window[prop] = value;
    }
}

class ProxySandbox {

    active() {
        // Restore the sandbox based on the record this.currentUpdatedPropsValueMap.forEach((v, p) => updateWindowProp(p, v));
    }
    inactive() {
        // 1 Restore the properties modified during the sandbox to the original properties this.modifiedPropsMap.forEach((v, p) => updateWindowProp(p, v));
        // 2 Eliminate the global variables added during the sandbox this.addedPropsMap.forEach((_, p) => updateWindowProp(p, undefined, true));
    }

    constructor(name) {
        this.name = name;
        this.proxy = null;
        //Store the newly added global variables this.addedPropsMap = new Map(); 
        //Store global variables updated during the sandbox this.modifiedPropsMap = new Map();
        // There are new and modified global variables, which are used when the sandbox is activated this.currentUpdatedPropsValueMap = new Map();

        const { addedPropsMap, currentUpdatedPropsValueMap, modifiedPropsMap } = this;
        const fakeWindow = Object.create(null);
        const proxy = new Proxy(fakeWindow, {
            set(target, prop, value) {
                if (!window.hasOwnProperty(prop)) {
                    // If there is no property on the window, record it in the newly added property // debugger;
                    addedPropsMap.set(prop, value);
                } else if (!modifiedPropsMap.has(prop)) {
                    // If the current window object has this property and has not been updated, record the initial value of this property on the window const originalValue = window[prop];
                    modifiedPropsMap.set(prop, originalValue);
                }
                // Record the modified properties and the modified values currentUpdatedPropsValueMap.set(prop, value);
                // Set the value to the global window updateWindowProp(prop, value);
                return true;
            },
            get(target, prop) {
                return window[prop];
            },
        });
        this.proxy = proxy;
    }
}


const newSandBox = new ProxySandbox('Proxy Sandbox');
const proxyWindow = newSandBox.proxy;
proxyWindow.a = '1'
console.log('Open sandbox:', proxyWindow.a, window.a);
newSandBox.inactive(); //Deactivate sandbox console.log('Deactivate sandbox:', proxyWindow.a, window.a);
newSandBox.active(); //Deactivate sandbox console.log('Reactivate sandbox:', proxyWindow.a, window.a);

Let's run the code and see the results

In this way, there can only be one active sandbox at a time, otherwise the variables on the global object will be updated by more than two sandboxes, causing global variable conflicts.

Implementing multi-instance sandbox based on proxy

In the single-instance scenario, our fakeWindow is an empty object that does not have any function of storing variables. The variables created by the micro-application are actually mounted on the window in the end, which limits the number of micro-applications that can be activated at the same time.

class MultipleProxySandbox {

    active() {
        this.sandboxRunning = true;
    }
    inactive() {
        this.sandboxRunning = false;
    }

    /**
     * Constructor * @param {*} name sandbox name * @param {*} context shared context * @returns 
     */
    constructor(name, context = {}) {
        this.name = name;
        this.proxy = null;
        const fakeWindow = Object.create({});
        const proxy = new Proxy(fakeWindow, {
            set: (target, name, value) => {
                if (this.sandboxRunning) {
                    if (Object.keys(context).includes(name)) {
                        context[name] = value;
                    }
                    target[name] = value;
                }
            },
            get: (target, name) => {
                // Give priority to shared objects if (Object.keys(context).includes(name)) {
                    return context[name];
                }
                return target[name];
            }
        })
        this.proxy = proxy;
    }
}

const context = { document: window.document };

const newSandBox1 = new MultipleProxySandbox('Proxy Sandbox 1', context);
newSandBox1.active();
const proxyWindow1 = newSandBox1.proxy;

const newSandBox2 = new MultipleProxySandbox('Proxy Sandbox 2', context);
newSandBox2.active();
const proxyWindow2 = newSandBox2.proxy;
console.log('Are shared objects equal?', window.document === proxyWindow1.document, window.document === proxyWindow2.document);

proxyWindow1.a = '1'; // Set the value of proxy 1 proxyWindow2.a = '2'; // Set the value of proxy 2 window.a = '3'; // Set the value of window console.log('Print output value', proxyWindow1.a, proxyWindow2.a, window.a);


newSandBox1.inactive(); newSandBox2.inactive(); // Both sandboxes are inactivated proxyWindow1.a = '4'; // Set the value of proxy1 proxyWindow2.a = '4'; // Set the value of proxy2 window.a = '4'; // Set the value of window console.log('The value printed after deactivation', proxyWindow1.a, proxyWindow2.a, window.a);

newSandBox1.active(); newSandBox2.active(); // Activate again proxyWindow1.a = '4'; // Set the value of proxy 1 proxyWindow2.a = '4'; // Set the value of proxy 2 window.a = '4'; // Set the value of window console.log('The value printed after deactivation', proxyWindow1.a, proxyWindow2.a, window.a);

Running the code gives the following results:

This way, only one sandbox can be activated at a time, thus achieving multi-instance sandboxing.

Conclusion

The above are the more commonly used sandbox implementation methods for micro front-ends. If we want to use them in production, we need to make a lot of judgments and constraints. In the next article, we will look at how the micro-frontend framework Qiankun implements the sandbox through the source code. The above code is on github. To view it, please go to js-sandbox

refer to

iframe src
ES6 Proxy

This concludes this article on several ways to implement front-end JS sandbox. For more relevant JS sandbox content, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:

Quickjs encapsulates JavaScript sandbox details
JavaScript Sandbox Exploration
A brief talk about JavaScript Sandbox
A brief discussion on Node.js sandbox environment
Setting up a secure sandbox environment for Node.js applications
Example of sandbox mode in JS implementation closure
JS sandbox mode example analysis
JavaScript design pattern security sandbox mode
WebWorker encapsulates JavaScript sandbox details

<<: The latest graphic tutorial of mysql 8.0.16 winx64 installation under win10

>>: Detailed explanation of Linux tee command usage

A brief discussion on several situations where MySQL returns Boolean types

A brief discussion on several ways to implement front-end JS sandbox

Table of contents

Preface

iframe implements sandbox

Implementing sandbox using diff method

Implementing a single instance sandbox based on a proxy

Implementing multi-instance sandbox based on proxy

Conclusion

refer to

A brief discussion on several situations where MySQL returns Boolean types

Example of implementing bidirectional messaging between parent and child pages in HTML iframe

Tutorial on logging into MySQL after installing Mysql 5.7.17

In-depth analysis of MySQL from deleting the database to running away_Advanced (I) - Data Integrity

A nice html printing code supports page turning

Detailed explanation of Excel parsing and exporting based on Vue

CSS to achieve the image hovering mouse folding effect

The handler PageHandlerFactory-Integrated has a bad module ManagedPipelineHandler in its module list

CSS stacking and z-index example code

The best explanation of HTTPS

Recommend

How to build a new image based on an existing image in Docker

HTML tag meta summary, HTML5 head meta attribute summary

Detailed explanation of three ways to configure Nginx virtual hosts (based on IP)

How to use jsonp in vue

Web page creation basic declaration document type description (DTD

Complete steps to install mysql5.7 on Mac (with pictures and text)

PostgreSQL materialized view process analysis

Introduction and use of triggers and cursors in MySQL

Detailed explanation of the actual process of master-slave synchronization of MySQL database

How to set list style attributes in CSS (just read this article)

How to remove carriage return characters from text in Linux

Vue3 (III) Website Homepage Layout Development

JavaScript implements single linked list process analysis

A preliminary study on composite primary key and joint primary key in SQL statements

How to set Nginx log printing post request parameters