d0nutptr/intentionally_shitty_jail.js

## intentionally_shitty_jail.js

function jail(code) {
    // quick string escape for inner strings
    code = code.replace(/["'`\\]/g, function(v){ return `\\${v}`});

    var jail_script = "new Function(";

    // Blacklist all global scope values
    for(prop in window) {
        jail_script += `"${prop}", `;
    }

    // Disable eval/Function
    jail_script += `"eval", "Function", `;

    jail_script += `"${code}");`;

    // Give us the Function object to make a call on.
    var jail_internal = eval(jail_script);

    jail_internal.call()
}

// jail("alert(1)") // This will error since alert doesn't exist anymore
// jail("console.log(1 + 1)") // Log output of '2'

	function jail(code) {
	// quick string escape for inner strings
	code = code.replace(/["'`\\]/g, function(v){ return `\\${v}`});

	var jail_script = "new Function(";

	// Blacklist all global scope values
	for(prop in window) {
	jail_script += `"${prop}", `;
	}

	// Disable eval/Function
	jail_script += `"eval", "Function", `;

	jail_script += `"${code}");`;

	// Give us the Function object to make a call on.
	var jail_internal = eval(jail_script);

	jail_internal.call()
	}

	// jail("alert(1)") // This will error since alert doesn't exist anymore
	// jail("console.log(1 + 1)") // Log output of '2'