AGhost-7/gist:b4d2144faa45c0497af2

## gistfile1.js
var privateApi = {
  privateFunction: function() {
    console.log('this method cannot be invoked by the injected code.');
  }
};

var api = {
  log: function() {
    console.log('Sandbox says');
    Array.prototype.forEach.call(arguments, function(arg){ console.log(arg) });
  }
};

(function(top, window, location, external, chrome, document, speechSynthesis, webkitStorageInfo, indexedDB, webkitIndexedDB, crypto, localStorage, sessionStorage, applicationCache, performance, CSS, console, devicePixelRatio, styleMedia, parent, opener, frames, self, defaultstatus, defaultStatus, status, name, length, closed, pageYOffset, pageXOffset, scrollY, scrollX, screenTop, screenLeft, screenY, screenX, innerWidth, innerHeight, outerWidth, outerHeight, frameElement, clientInformation, navigator, toolbar, statusbar, scrollbars, personalbar, menubar, locationbar, history, screen, ondeviceorientation, ondevicemotion, postMessage, close, blur, focus, onautocompleteerror, onautocomplete, onunload, onstorage, onpopstate, onpageshow, onpagehide, ononline, onoffline, onmessage, onlanguagechange, onhashchange, onbeforeunload, onwaiting, onvolumechange, ontoggle, ontimeupdate, onsuspend, onsubmit, onstalled, onshow, onselect, onseeking, onseeked, onscroll, onresize, onreset, onratechange, onprogress, onplaying, onplay, onpause, onmousewheel, onmouseup, onmouseover, onmouseout, onmousemove, onmouseleave, onmouseenter, onmousedown, onloadstart, onloadedmetadata, onloadeddata, onload, onkeyup, onkeypress, onkeydown, oninvalid, oninput, onfocus, onerror, onended, onemptied, ondurationchange, ondrop, ondragstart, ondragover, ondragleave, ondragenter, ondragend, ondrag, ondblclick, oncuechange, oncontextmenu, onclose, onclick, onchange, oncanplaythrough, oncanplay, oncancel, onblur, onabort, onwheel, onwebkittransitionend, onwebkitanimationstart, onwebkitanimationiteration, onwebkitanimationend, ontransitionend, onsearch, getSelection, print, stop, open, alert, confirm, prompt, find, moveBy, moveTo, resizeBy, resizeTo, matchMedia, getComputedStyle, getMatchedCSSRules, requestAnimationFrame, cancelAnimationFrame, webkitRequestAnimationFrame, webkitCancelAnimationFrame, webkitCancelRequestAnimationFrame, captureEvents, releaseEvents, btoa, atob, setTimeout, clearTimeout, setInterval, clearInterval, scrollBy, scrollTo, scroll, TEMPORARY, PERSISTENT, fetch, webkitRequestFileSystem, webkitResolveLocalFileSystemURL, openDatabase, addEventListener, removeEventListener, dispatchEvent){
  (function(api, privateApi){
    // You can then inject third party code.

    // This won't execute on load since its shadowed by a variable of the same
    // name which is undefined. i.e., you can't call the onload event from here.
    onload = function() { api.log('loaded'); }

    // You can then define a public api which is the only thing the third party
    // can interact with.
    api.log('hello!');

    // The only problem is that you can still set and get global variables,
    // so all private js logic would have to be non-global or shadowed.
    foo = 1;

  })(api, undefined);
})();
	var privateApi = {
	privateFunction: function() {
	console.log('this method cannot be invoked by the injected code.');
	}
	};

	var api = {
	log: function() {
	console.log('Sandbox says');
	Array.prototype.forEach.call(arguments, function(arg){ console.log(arg) });
	}
	};

	(function(top, window, location, external, chrome, document, speechSynthesis, webkitStorageInfo, indexedDB, webkitIndexedDB, crypto, localStorage, sessionStorage, applicationCache, performance, CSS, console, devicePixelRatio, styleMedia, parent, opener, frames, self, defaultstatus, defaultStatus, status, name, length, closed, pageYOffset, pageXOffset, scrollY, scrollX, screenTop, screenLeft, screenY, screenX, innerWidth, innerHeight, outerWidth, outerHeight, frameElement, clientInformation, navigator, toolbar, statusbar, scrollbars, personalbar, menubar, locationbar, history, screen, ondeviceorientation, ondevicemotion, postMessage, close, blur, focus, onautocompleteerror, onautocomplete, onunload, onstorage, onpopstate, onpageshow, onpagehide, ononline, onoffline, onmessage, onlanguagechange, onhashchange, onbeforeunload, onwaiting, onvolumechange, ontoggle, ontimeupdate, onsuspend, onsubmit, onstalled, onshow, onselect, onseeking, onseeked, onscroll, onresize, onreset, onratechange, onprogress, onplaying, onplay, onpause, onmousewheel, onmouseup, onmouseover, onmouseout, onmousemove, onmouseleave, onmouseenter, onmousedown, onloadstart, onloadedmetadata, onloadeddata, onload, onkeyup, onkeypress, onkeydown, oninvalid, oninput, onfocus, onerror, onended, onemptied, ondurationchange, ondrop, ondragstart, ondragover, ondragleave, ondragenter, ondragend, ondrag, ondblclick, oncuechange, oncontextmenu, onclose, onclick, onchange, oncanplaythrough, oncanplay, oncancel, onblur, onabort, onwheel, onwebkittransitionend, onwebkitanimationstart, onwebkitanimationiteration, onwebkitanimationend, ontransitionend, onsearch, getSelection, print, stop, open, alert, confirm, prompt, find, moveBy, moveTo, resizeBy, resizeTo, matchMedia, getComputedStyle, getMatchedCSSRules, requestAnimationFrame, cancelAnimationFrame, webkitRequestAnimationFrame, webkitCancelAnimationFrame, webkitCancelRequestAnimationFrame, captureEvents, releaseEvents, btoa, atob, setTimeout, clearTimeout, setInterval, clearInterval, scrollBy, scrollTo, scroll, TEMPORARY, PERSISTENT, fetch, webkitRequestFileSystem, webkitResolveLocalFileSystemURL, openDatabase, addEventListener, removeEventListener, dispatchEvent){
	(function(api, privateApi){
	// You can then inject third party code.

	// This won't execute on load since its shadowed by a variable of the same
	// name which is undefined. i.e., you can't call the onload event from here.
	onload = function() { api.log('loaded'); }

	// You can then define a public api which is the only thing the third party
	// can interact with.
	api.log('hello!');

	// The only problem is that you can still set and get global variables,
	// so all private js logic would have to be non-global or shadowed.
	foo = 1;

	})(api, undefined);
	})();