Including new c++ routine inside ClearScript/V8 about clearscript HOT 8 CLOSED

A couple of questions:

1. Is your product a .NET application? If so, is it already using ClearScript?
2. Are you looking to expose C/C++ resources so that they're visible to script code? Or do you just need to run some native code before and/or after script execution?

from clearscript.

The product is build using C#.Net and Windows Forms and uses ClearScript. We want some API to be part of the scripting engine. The reason for that is we want in no way that those API should be called by some hacker from outside the application using reflection or something....
I also would like that no one can use proxy dlls in between our application and V8 engine.

To be straight forward, The scripts that are loaded are our algorithms and we do not want anyone to know about them in anyway.

• These algorithm are not simple Javascripts... they include some other code as well. We have our own way of executing and processing those pieces of codes and we do it before passing it to the execute at the moment.

So, yes, as you said in statement 2- "Are you looking to expose C/C++ resource so that they're visible to script code?" Yes..
I will call those resources a C/C++ function.

So, when we call in .NET , engine.Execute(script_code)...

this script_code at some point passed to the V8.. for example... v8engine.execute(script_code).
inside the implementation of this V8 code, we want to make our own certain call on the script_code...
v8::execute(script_code)
{
bool is_finalized = false;
while(!is_finalized) {
our_proprietary_process1_execute(script_code);
is_finalized = our_proprietary_process1_execute(script_code);
}

v8::orignal_execute(script_code);
}

At the moment, we are doing this processing inside the .Net Framework... Just before calling the
clearScriptEngine.execute call. But we want to change it to the one stated above ?

from clearscript.

If you wish to add custom unmanaged pre-processing of script code, you'll have to modify ClearScript's V8 bridge (ClearScriptV8), probably somewhere inside V8ContextImpl::Execute.

from clearscript.

Perfect. It will almost solve the problem. I have one more question on the same line:
We will release the product out for evaluation.
When we load a script into the V8 Engine, there is a small problem,
customer can load his own code and call our algorithm.
Instead of calling our code... user can do this (for example our algorithm is algo1):
alert(algo1) or console.print(algo1)...
This will print out the source code for our algorithm.

How do we deal with this ? so, that when user tries to print algo1, instead of seeing source code, he sees something as object or see native object?

We really appreciate your help on this. This should have been our first thing to focus in the beginning of the project... but somehow it was dragged to the end of all the task with assumptions that we can handle it later...

from clearscript.

A couple more questions:

1. In your description above, what is algo1? Is it a JavaScript function? How does your application create and invoke it?
2. It sounds like your application runs both system and customer script code within the same engine instance, and you'd like to protect the system code from customer inspection or meddling. Is that correct?

from clearscript.

You are very much correct. algo1 is javascript code and it was processed by some of our functions. But yes it is javascript function inside the same engine instance. Currently, algo1 is loaded the same way as any other code... that is clearScriptEngine.execute(strAlgo1);
Now this is available to the JavaScript code executed in the same Java Script engine...

from clearscript.

Continuing your example, strAlgo1 probably looks something like this:

function algo1(a, b, c) {
    /* do stuff */
}

This does the job, but as you've realized, it allows untrusted customer code to inspect your function's source code or clobber it with another function or value.

Instead, try something like this:

Object.defineProperty(this, 'algo1', {
    value: (function (a, b, c) {
        /* do stuff */
    }).bind(this)
});

This way your algorithm is hidden, and algo1 cannot be reassigned, redefined, or deleted.

from clearscript.

I tested this approach and it works great... I really appreciate your help and effort on this.
Thanks a lot guy. Will keep you updated 👍

from clearscript.