It is essentially a sandbox for each module. Disabling it is a little less safe but not by much. The only way it matters is if a plugin or module would modify a global like Promise or Buffer, but data folders and plugins also have full file system access, which is much more powerful, so there's actually not much that it can protect from. So for your application the benefits definitely outweigh the risks.
I'm honestly not sure that this offers much additional security at all, especially since the Node docs specifically say not to use it as a security measure. On Sun, Dec 8, 2019 at 3:52 PM Florian Cauvin <[email protected]> wrote: > Arlen, > Yes, wow, this change made a *dramatic* improvement in TiddlyWiki startup > time which was reduced from over a minute to about 3 seconds. Fantastic. > > So, can I keep TW running his way, is it somehow "less safe" or ...? > > > On Saturday, December 7, 2019 at 8:31:11 PM UTC+2, Arlen Beiler wrote: >> >> Ok, here's the evalSandboxed code currently. Well, almost, there is one >> change inside the function, but just ignore that. >> /* >> Run code in a sandbox with only the specified context variables in scope >> */ >> $tw.utils.evalSandboxed = $tw.browser ? $tw.utils.evalGlobal : function( >> code,context,filename) { >> var sandbox = $tw.utils.extend(Object.create(null),context); >> vm.runInNewContext(code,sandbox,$tw.utils.evalFilename(filename)); >> return sandbox.exports; >> }; >> >> In the first line, change *$tw.browser* to *true*, like this: >> >> /* >> Run code in a sandbox with only the specified context variables in scope >> */ >> $tw.utils.evalSandboxed = true ? $tw.utils.evalGlobal : function(code, >> context,filename) { >> var sandbox = $tw.utils.extend(Object.create(null),context); >> vm.runInNewContext(code,sandbox,$tw.utils.evalFilename(filename)); >> return sandbox.exports; >> }; >> >> See if that improves anything. >> >> Arlen >> >> On Fri, Dec 6, 2019 at 10:28 AM Florian Cauvin <[email protected]> >> wrote: >> >>> Thanks Arlen for the suggestions: >>> >>> The first is that evalSandboxed (in boot.js) runs every module in a new >>>> context. If you change it to all of them using one separate context which >>>> you create outside the function, it should speed things up some. This one >>>> may vary between node versions, but it's worth a shot. >>>> >>> >>> I located the file and function call you're refering to but I'm not >>> familiar with Javascript, Node, or the internals of TiddlyWiki. Thus I >>> don't feel confident trying to modify that code. Hopefully, a TiddlyWiki >>> developer could look into this? >>> >>> >>>> The second is loading the hundreds of tiddlers that make up the core. >>>> There is a feature of the boot process that fixes this. Replace the >>>> contents of the core folder with this file (assuming your using >>>> Tiddlywiki5.1.21) >>>> https://github.com/Arlen22/TiddlyWiki5-production/blob/master/5-1-21/core/plugin.info. >>>> That way it's just loading one file and doing a simple JSON.parse. >>>> >>> >>> Alright, I replaced all content of >>> /usr/local/lib/node_modules/tiddlywiki/core with that file you linked >>> to. It seems to have shaved a few seconds off the startup time which >>> remained over 56 seconds, so while it seems to help a bit, there seems to >>> be a larger issue. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "TiddlyWiki" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/tiddlywiki/b987363a-17f2-4444-8bb9-d6aa43c7b841%40googlegroups.com >>> <https://groups.google.com/d/msgid/tiddlywiki/b987363a-17f2-4444-8bb9-d6aa43c7b841%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/2495b4d0-ff89-474e-8c67-ffae52549c9e%40googlegroups.com > <https://groups.google.com/d/msgid/tiddlywiki/2495b4d0-ff89-474e-8c67-ffae52549c9e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/CAJ1vdSQUR1PjSFC25toy8%3DyWSz1598KPEOjf1%3DySnucQFJyrgw%40mail.gmail.com.
