API Reference
Sandboxes.baremod
Sandboxes.enter_repl
Sandboxes.repl_in
Sandboxes.sandboxed_eval_expr
Sandboxes.sandboxify
Sandboxes.baremod
— Methodbaremod()
Return an anonymous baremodule
Sandboxes.enter_repl
— Methodenter_repl(m::Module)
Start a sandboxed REPL mode inside baremodule m
.
Sandboxes.repl_in
— Methodrepl_in(m::Module)
Define a REPL that eval's sandboxed code inside the baremodule m
.
Sandboxes.sandboxed_eval_expr
— Methodsandboxed_eval_expr(m::Module, ex::Expr)
Return an expression that, when evaluated, will safely evaluate some transformation of ex
in m
.
Sandboxes.sandboxify
— Methodsandboxify(ex:Expr)
Return an expression that, when evaluated in a baremodule, cannot:
- access identifiers in
Core
- import other modules
- define new modules (this would allow escape by
eval
or.Core
) - define macros (this allows escape by returning
:(:Core)
)
To punch holes in the sandbox, interpolate values into the expression like this:
sandboxify( :( nand(a, b) = $(~)($(&)(a, b)) ) )
The above example will return an expression for a function that will internally call ~
and &
as defined in the scope you created the expression in, rather than as defined in the sandbox.