nickjacob · November 13, 2013 00:45 · SephReed · Apr 28, 2016
diff --git a/safe_eval.js b/safe_eval.js
 function safe_eval(code, ctx) {
 return (new Function (["window", "undefined"], "try { " + code + " } catch (e){ return e; }"))(ctx); 
 }

 function restrict (base, perm) {
  var out = {}, k = null,
      READ = 'read',
      WRITE = 'write',
      RW = 'readwrite';
  
  for (k in perm) {
    (function (key, val) {
      if (!val) return;
      
      if (perm[key] === READ)
        out.__defineGetter__(key, function(){ return val; });
      else if (perm[key] === WRITE)
        out.__defineSetter__(key, function (v){ base[key] = v; });
      else if (perm[key] === RW)
        out[key] = val;
    })(k, base[k]);
  }
  
  return out;
 } 

 var READ = 'read', WRITE = 'write', RW = 'readwrite';

 // save eval with some window properties
 safe_eval("console.log(window.document);", restrict(window, { document: READ }));
	function safe_eval(code, ctx) {
	return (new Function (["window", "undefined"], "try { " + code + " } catch (e){ return e; }"))(ctx);
	}

	function restrict (base, perm) {
	var out = {}, k = null,
	READ = 'read',
	WRITE = 'write',
	RW = 'readwrite';

	for (k in perm) {
	(function (key, val) {
	if (!val) return;

	if (perm[key] === READ)
	out.__defineGetter__(key, function(){ return val; });
	else if (perm[key] === WRITE)
	out.__defineSetter__(key, function (v){ base[key] = v; });
	else if (perm[key] === RW)
	out[key] = val;
	})(k, base[k]);
	}

	return out;
	}

	var READ = 'read', WRITE = 'write', RW = 'readwrite';

	// save eval with some window properties
	safe_eval("console.log(window.document);", restrict(window, { document: READ }));