Sandbox

Another useful feature of #Script is that it operates within a controlled sandbox: each ScriptContext instance is isolated and defines the entire execution environment in which scripts are executed. As such, it should be safe to run scripts from untrusted 3rd-party sources, as they're confined to what's available within their allowed ScriptContext instance.

ScriptContext

The only functionality a new ScriptContext instance has access to is the safe set of default scripts and the htmlencode Filter Transformer. #Script can't call methods on instances, and has no other way to invoke a method, unless it's explicitly registered.

If running a script from an untrusted source, we recommend running it within a new ScriptContext instance so it's kept isolated from any other ScriptContext instance. Contexts are cheap to create, so there won't be a noticeable delay when executing in a new instance, but they're also used to cache compiled lambda expressions, which will need to be recreated if executing scripts in new ScriptContext instances. For improved performance you can instead have all untrusted templates use the same ScriptContext instance, so that they're able to reuse compiled expressions.

Remove default scripts

If you want to start from a clean slate, the default scripts can be removed by clearing the ScriptMethods collection:

Disabling adhoc Filters

Or if you only want to disable access to some filters without removing them all, you can disable access to adhoc filters by adding to the ExcludeFiltersNamed collection:

Script Methods can also be disabled on an individual PageResult by populating its ExcludeFiltersNamed collection.

Instance creation and MaxQuota

The only instances that can be created within scripts are what's allowed in JavaScript Literals and the Generation and Repeating Filters. To limit any potential CPU and GC abuse, any default scripts that can generate instances are limited to a MaxQuota of 10000 iterations. This quota can be modified with:
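The following is an added example, not code from the original page, that pulls the settings above into one hardened context for untrusted scripts. The class and method names, the excluded names `partial`, `selectPartial` and `times`, the quota of 1000 and the sample script are illustrative assumptions.

```csharp
using System;
using ServiceStack.Script;

public static class UntrustedScripts
{
    // One context shared by all untrusted scripts, so compiled expressions are
    // cached and reused, while staying isolated from the app's trusted contexts.
    static readonly ScriptContext Shared = CreateRestricted();

    // Default scripts stay available, minus the names listed here.
    static ScriptContext CreateRestricted()
    {
        var context = new ScriptContext {
            // Lower the iteration quota from its default of 10000 (assumed value).
            Args = { [ScriptConstants.MaxQuota] = 1000 },
            // Illustrative choice of default scripts to block by name.
            ExcludeFiltersNamed = { "partial", "selectPartial" },
        };
        return context.Init();
    }

    // Clean slate: no default scripts at all, only what is registered afterwards.
    public static ScriptContext CreateEmpty()
    {
        var context = new ScriptContext();
        context.ScriptMethods.Clear(); // remove the defaults added by the constructor
        return context.Init();
    }

    // Renders one untrusted script, optionally blocking more names for this
    // PageResult only without changing the shared context.
    public static string Render(string script, params string[] alsoExclude)
    {
        var result = new PageResult(Shared.OneTimePage(script));
        foreach (var name in alsoExclude)
            result.ExcludeFiltersNamed.Add(name);
        return result.Result;
    }

    public static void Main()
    {
        // Constructed sample input standing in for a 3rd-party script.
        const string script = "Total: {{ [1,2,3] | sum }}";
        Console.WriteLine(Render(script));
        Console.WriteLine(Render(script, "times")); // per-result exclusion
    }
}
```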
