Avatar

maxm

🕳️
Joined January 12, 2023
Public vals
137
maxm avatar
maxm
ingeniousSapphireWildebeest
Script
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
pretendingToBeRun
HTTP
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
transformEvalCode
Script
See: https://www.val.town/v/maxm/eval
0
maxm avatar
maxm
eval
Script
Eval web demo Security Caveats This code runs in a Worker with { permissions: { write: false, read: false, net: false } } . This is likely very safe, but if you enable network access keep in mind that users might generate junk network traffic or attempt to make infinite loops. If sandboxed code knows the name of one of your private vals it will be able to import the code with import "https://esm.town/v/maxm/private" . If you enabled write: true in the Worker, the unix socket that Deno uses to communicate with the host can be deleted and intercepted. This might mean that evaluated code can steal the socket and read the next request. You should not use this to evaluate code that should not be read by a previous evaluation. All code is running on the same process and you are not protected from exotic attacks like speculative execution. Overview You can use this library to evaluate code: import { evalCode } from "https://esm.town/maxm/eval" console.log(await evalCode("export const foo = 1")) // => 1 You can use this library with https://www.val.town/v/maxm/transformEvalCode to return the last value without needing to export it. This is how the /eval api endpoint used to work and makes the library preform similarly to a repl. import { evalCode } from "https://esm.town/maxm/eval" import { transform } from "https://esm.town/maxm/transformEvalCode" console.log(await evalCode(transform("1+1"))) // => 2 Here's an example UI application that demonstrates how you can string this all together: https://maxm-evalui.web.val.run/ (source: https://www.val.town/v/maxm/evalUI) Security Model Code is evaluated using a dynamic import within a Worker. await import(`data:text/tsx,${encodeURIComponent(e.data)}`); Running the code withing a Worker prevents access to GlobalThis and window from leaking between evals. Similarly, access to Deno.env is prevented and evaluations will see errors when trying to access any environment variables. TODO: what else?
4
maxm avatar
maxm
evalUI
HTTP
An interactive, runnable TypeScript val by maxm
2
maxm avatar
maxm
tldrawClient
Script
Forked from robcobb/tldrawclient
0
maxm avatar
maxm
sseDemoCountdown
HTTP
Forked from maxm/SSEDemo
0
maxm avatar
maxm
valiantSalmonWarbler
Script
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
cheerfulAzureGrasshopper
HTTP
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
fantasticPurplePossum
HTTP
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
intenseLimeBuzzard
HTTP
Forked from maxm/pgliteNpm
0
maxm avatar
maxm
valTownSdkBlobExample
Script
// the value string should be a readable
0
maxm avatar
maxm
iframeGridInfinite
HTTP
* This val creates an infinite grid of iframes with thick draggable borders. * It includes a welcome modal, fixes the drag state issue, and stores iframe URLs in a database.
0
maxm avatar
maxm
satisfactoryBlushCatshark
Script
An interactive, runnable TypeScript val by maxm
0
maxm avatar
maxm
resyGetMatchingSlot
Script
Forked from vtdocs/resyGetMatchingSlot
0
maxm avatar
maxm
resyAuth
Script
Forked from vtdocs/resyAuth
0