Added error checking and tests for evaluated parameters

js/ArgParser.js

@@ -26,7 +26,7 @@ Options and their defaults are:
 /*jslint node: true */
 "use strict";
 
-var Sandbox = require("./Sandbox.js").Sandbox;
+var sandbox = require("./Sandbox.js").sandbox;
 
 var ArgParser = function(argString,options) {
 	var parseToken = function(match,p) {
@@ -38,7 +38,7 @@ var ArgParser = function(argString,options) {
 			} else if(match[p+2]) { // Double-square-bracket quoted
 				n = match[p+2];
 			} else if(match[p+3]) { // Double-brace quoted
-				n = options.allowEval === false ? match[p+3] : Sandbox(match[p+3],options.globals);
+				n = options.allowEval === false ? match[p+3] : sandbox(match[p+3],options.globals);
 			} else if(match[p+4]) { // Unquoted
 				n = match[p+4];
 			} else if(match[p+5]) { // empty quote

js/Sandbox.js

@@ -6,16 +6,12 @@ Execute a fragment of JavaScript in a sandbox
 \*/
 (function(){
 
-/*jslint node: true */
+/*jslint evil: true, node: true */
 "use strict";
 
 var uglify = require("uglify-js");
 
-var safeEval = function(e) {
-	return eval(e);
-};
-
-var Sandbox = function(code,globals) {
+var sandbox = function(code,globals) {
 	var globalNames = [],
 		globalValues = [],
 		collectGlobals = function(globals) {
@@ -34,7 +30,7 @@ var Sandbox = function(code,globals) {
 	});
 	// Compose the code
 	var out = [];
-	out.push("(function(")
+	out.push("(function(");
 	out.push(globalNames.join(","));
 	out.push(") { return ");
 	out.push(code);
@@ -45,9 +41,15 @@ var Sandbox = function(code,globals) {
 	// Recompile the code
 	var compiledCode = uglify.uglify.gen_code(tree);
 	// Execute it
-	return eval(compiledCode).apply(null,globalValues);
+	var result;
+	try {
+		result = eval(compiledCode).apply(null,globalValues);
+	} catch(err) {
+		result = "{{** Evaluation error: " + err + " **}}";
+	}
+	return result;
 };
 
-exports.Sandbox = Sandbox;
+exports.sandbox = sandbox;
 
 })();