知识共享许可协议
本作品采用知识共享署名-非商业性使用 3.0 未本地化版本许可协议进行许可。

Node.js v0.10.18 手册 & 文档

执行 JavaScript#

稳定度: 3 - 稳定

You can access this module with:

你可以这样引入此模块: 

var vm = require('vm');

JavaScript code can be compiled and run immediately or compiled, saved, and run later.

JavaScript 代码可以被编译并立即执行,也可以在编译后保存,留到稍后执行。

vm.runInThisContext(code, [options])#

vm.runInThisContext() compiles code, runs it and returns the result. Running code does not have access to local scope, but does have access to the current global object.

vm.runInThisContext()code 进行编译、运行并返回结果。 被运行的代码没有对本地作用域 (local scope) 的访问权限,但是可以访问当前的 global 对象。

Example of using vm.runInThisContext and eval to run the same code:

使用 vm.runInThisContexteval 分别执行相同的代码: 

// vmResult: 'vm', localVar: 'initial value'
// evalResult: 'eval', localVar: 'eval'

vm.runInThisContext does not have access to the local scope, so localVar is unchanged. eval does have access to the local scope, so localVar is changed.

vm.runInThisContext 无法访问本地作用域,因此 localVar 没有被改变。 eval 可以访问本地作用域,因此 localVar 被改变。

In this way vm.runInThisContext is much like an indirect eval call, e.g. (0,eval)('code'). However, it also has the following additional options:

这种情况下 vm.runInThisContext 可以看作一种 间接的 eval 调用, 如 (0,eval)('code')。但是 vm.runInThisContext 也提供下面几个额外的参数:

  • filename: allows you to control the filename that shows up in any stack traces produced.
  • displayErrors: whether or not to print any errors to stderr, with the line of code that caused them highlighted, before throwing an exception. Will capture both syntax errors from compiling code and runtime errors thrown by executing the compiled code. Defaults to true.

  • timeout: a number of milliseconds to execute code before terminating execution. If execution is terminated, an Error will be thrown.

  • filename: 允许您更改显示在站追踪 (stack trace) 中的文件名

  • displayErrors: 是否在抛出异常前输出带高亮错误代码行的错误信息到 stderr。 将会捕捉所有在编译 code 的过程中产生的语法错误以及执行过程中产生的运行时错误。 默认为 true
  • timeout: 以毫秒为单位规定 code 允许执行的时间。在执行过程中被终止时会有 Error 抛出。

vm.createContext([sandbox])#

If given a sandbox object, will "contextify" that sandbox so that it can be used in calls to vm.runInContext or script.runInContext. Inside scripts run as such, sandbox will be the global object, retaining all its existing properties but also having the built-in objects and functions any standard global object has. Outside of scripts run by the vm module, sandbox will be unchanged.

如提供 sandbox 对象则将沙箱 (sandbox) 对象 “上下文化 (contextify)” 供 vm.runInContext 或者 script.runInContext 使用。 以此方式运行的脚本将以 sandbox 作为全局对象,该对象将在保留其所有的属性的基础上拥有标准 全局对象 所拥有的内置对象和函数。 在由 vm 模块运行的脚本之外的地方 sandbox 将不会被改变。

If not given a sandbox object, returns a new, empty contextified sandbox object you can use.

如果没有提供沙箱对象,则返回一个新建的、没有任何对象被上下文化的可用沙箱。

This function is useful for creating a sandbox that can be used to run multiple scripts, e.g. if you were emulating a web browser it could be used to create a single sandbox representing a window's global object, then run all <script> tags together inside that sandbox.

此函数可用于创建可执行多个脚本的沙箱, 比如,在模拟浏览器的时候可以使用该函数创建一个用于表示 window 全局对象的沙箱, 并将所有 <script> 标签放入沙箱执行。

vm.isContext(sandbox)#

Returns whether or not a sandbox object has been contextified by calling vm.createContext on it.

返回沙箱对象是否已经通过 vm.createContext 上下文化 (contextified)

vm.runInContext(code, contextifiedSandbox, [options])#

vm.runInContext compiles code, then runs it in contextifiedSandbox and returns the result. Running code does not have access to local scope. The contextifiedSandbox object must have been previously contextified via vm.createContext; it will be used as the global object for code.

vm.runInContext 编译 code 放入 contextifiedSandbox 执行并返回执行结果。 被执行的代码对 本地作用域 (local scope) 没有访问权。 contextifiedSandbox 必须在使用前通过 vm.createContext 上下文化,用作 code 的全局对象。

vm.runInContext takes the same options as vm.runInThisContext.

vm.runInContext 使用与 vm.runInThisContext 相同的 选项 (options)

Example: compile and execute differnt scripts in a single existing context.

示例:在同一个上下文中编译并执行不同的脚本 

// { globalVar: 1024 }

Note that running untrusted code is a tricky business requiring great care. vm.runInContext is quite useful, but safely running untrusted code requires a separate process.

执行不可信代码 (untrusted code) 是一件充满技巧而且需要非常小心的工作。 vm.runInContext 十分好用,但是安全地运行不可信代码还需要将这些代码放入单独的进程里面执行。

vm.runInNewContext(code, [sandbox], [options])#

vm.runInNewContext compiles code, contextifies sandbox if passed or creates a new contextified sandbox if it's omitted, and then runs the code with the sandbox as the global object and returns the result.

vm.runInNewContext 首先编译 code,若提供 sandbox 则将 sandbox 上下文化,若未提供则创建一个新的沙箱并上下文化, 然后将代码放入沙箱作为全局对象的上下文内执行并返回结果。

vm.runInNewContext takes the same options as vm.runInThisContext.

vm.runInNewContext 使用与 vm.runInThisContext 相同的 选项 (options)

Example: compile and execute code that increments a global variable and sets a new one. These globals are contained in the sandbox.

示例: 编译并执行一段“自增一个全局变量然后创建一个全局变量”的代码。这些被操作的全局变量会被保存在沙箱中。 

// { animal: 'cat', count: 3, name: 'kitty' }

Note that running untrusted code is a tricky business requiring great care. vm.runInNewContext is quite useful, but safely running untrusted code requires a separate process.

执行不可信代码 (untrusted code) 是一件充满技巧而且需要非常小心的工作。 vm.runInNewContext 十分好用,但是安全地运行不可信代码还需要将这些代码放入单独的进程里面执行。

类: Script#

A class for holding precompiled scripts, and running them in specific sandboxes.

用于存放预编译脚本的类,可将预编译代码放入沙箱执行。

new vm.Script(code, options)#

Creating a new Script compiles code but does not run it. Instead, the created vm.Script object represents this compiled code. This script can be run later many times using methods below. The returned script is not bound to any global object. It is bound before each run, just for that run.

创建一个新的 Script 用于编译 code 但是不执行。使用被创建的 vm.Script 用来表示完成编译的代码。 这份可以在后面的代码中执行多次。 返回的脚本是未绑定任何全局对象 (上下文 context) 的,全局对象仅在每一次执行的时候被绑定,执行结束后即释放绑定。

The options when creating a script are:

创建脚本的选项 (option) 有:

  • filename: allows you to control the filename that shows up in any stack traces produced from this script.

  • displayErrors: whether or not to print any errors to stderr, with the line of code that caused them highlighted, before throwing an exception. Applies only to syntax errors compiling the code; errors while running the code are controlled by the options to the script's methods.

  • filename: 允许您更改显示在站追踪 (stack trace) 中的文件名

  • displayErrors: 是否在抛出异常前输出带高亮错误代码行的错误信息到 stderr。 仅捕捉所有在编译过程中产生的语法错误(运行时错误由运行脚本选项控制)。

script.runInThisContext([options])#

Similar to vm.runInThisContext but a method of a precompiled Script object. script.runInThisContext runs script's compiled code and returns the result. Running code does not have access to local scope, but does have access to the current global object.

类似 vm.runInThisContext 只是作为预编译的 Script 对象方法。 script.runInThisContext 执行被编译的 script 并返回结果。 被运行的代码没有对本地作用域 (local scope) 的访问权限,但是可以访问当前的 global 对象。

Example of using script.runInThisContext to compile code once and run it multiple times:

示例: 使用 script.runInThisContext 编译代码并多次执行: 

// 1000

The options for running a script are:

运行脚本的选项 (option) 有:

  • displayErrors: whether or not to print any runtime errors to stderr, with the line of code that caused them highlighted, before throwing an exception. Applies only to runtime errors executing the code; it is impossible to create a Script instance with syntax errors, as the constructor will throw.

  • timeout: a number of milliseconds to execute the script before terminating execution. If execution is terminated, an Error will be thrown.

  • displayErrors: 是否在抛出异常前输出带高亮错误代码行的错误信息到 stderr。 仅捕捉所有执行过程中产生的运行时错误(语法错误会在 Script 示例创建时就发生,因此不可能创建出带语法错误的 Script 对象)。

  • timeout: 以毫秒为单位规定 code 允许执行的时间。在执行过程中被终止时会有 Error 抛出。

script.runInContext(contextifiedSandbox, [options])#

Similar to vm.runInContext but a method of a precompiled Script object. script.runInContext runs script's compiled code in contextifiedSandbox and returns the result. Running code does not have access to local scope.

类似 vm.runInContext 只是作为预编译的 Script 对象方法。 script.runInContextcontextifiedSandbox 中执行 script 编译出的代码,并返回结果。 被运行的代码没有对本地作用域 (local scope) 的访问权限。

script.runInContext takes the same options as script.runInThisContext.

script.runInContext 使用与 script.runInThisContext 相同的 选项 (option)。

Example: compile code that increments a global variable and sets one, then execute the code multiple times. These globals are contained in the sandbox.

示例: 编译一段“自增一个全局变量然后创建一个全局变量”的代码,然后多次执行此代码, 被操作的全局变量会被保存在沙箱中。 

// { animal: 'cat', count: 12, name: 'kitty' }

Note that running untrusted code is a tricky business requiring great care. script.runInContext is quite useful, but safely running untrusted code requires a separate process.

执行不可信代码 (untrusted code) 是一件充满技巧而且需要非常小心的工作。 script.runInContext 十分好用,但是安全地运行不可信代码还需要将这些代码放入单独的进程里面执行。

script.runInNewContext([sandbox], [options])#

Similar to vm.runInNewContext but a method of a precompiled Script object. script.runInNewContext contextifies sandbox if passed or creates a new contextified sandbox if it's omitted, and then runs script's compiled code with the sandbox as the global object and returns the result. Running code does not have access to local scope.

类似 vm.runInNewContext 但是作为预编译的 Script 对象方法。 若提供 sandboxscript.runInNewContextsandbox 上下文化,若未提供,则创建一个新的上下文化的沙箱, 然后将代码放入沙箱作为全局对象的上下文内执行并返回结果。

script.runInNewContext takes the same options as script.runInThisContext.

script.runInNewContext 使用与 script.runInThisContext 相同的 选项 (option)。

Example: compile code that sets a global variable, then execute the code multiple times in different contexts. These globals are set on and contained in the sandboxes.

示例: 编译一段“写入一个全局变量”的代码,然后将代码放入不同的上下文 (context) 执行,这些被操作的全局变量会被保存在沙箱中。 

// [{ globalVar: 'set' }, { globalVar: 'set' }, { globalVar: 'set' }]

Note that running untrusted code is a tricky business requiring great care. script.runInNewContext is quite useful, but safely running untrusted code requires a separate process.

执行不可信代码 (untrusted code) 是一件充满技巧而且需要非常小心的工作。 script.runInNewContext 十分好用,但是安全地运行不可信代码还需要将这些代码放入单独的进程里面执行。