2012-04-27 16:28:54 +00:00
V8Js
====
2013-04-15 21:01:35 +00:00
V8Js is a PHP extension for Google's V8 Javascript engine.
2013-04-15 20:57:43 +00:00
The extension allows you to execute Javascript code in a secure sandbox from PHP. The executed code can be restricted using a time limit and/or memory limit. This provides the possibility to execute untrusted code with confidence.
2012-04-27 16:28:54 +00:00
Minimum requirements
--------------------
2013-07-07 20:29:05 +00:00
- V8 Javascript Engine library (libv8) master < https: // github . com / v8 / v8 /> (trunk)
2012-04-27 16:47:52 +00:00
2013-04-15 20:57:43 +00:00
V8 is Google's open source Javascript engine.
2012-04-27 16:47:52 +00:00
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
2013-04-15 20:57:43 +00:00
V8 implements ECMAScript as specified in ECMA-262, 5th edition.
2014-10-19 12:09:53 +00:00
This extension makes use of V8 isolates to ensure separation between multiple V8Js instances and uses the new isolate-based mechanism to throw exceptions, hence the need for 3.24.10 or above.
2013-04-15 20:57:43 +00:00
2014-09-17 21:20:20 +00:00
For a detailed overview of which V8 version V8Js can be successfully built against, see the [Jenkins V8Js job list ](http://jenkins.brokenpipe.de/view/v8js-with-v8-versions/ ).
2013-10-05 18:11:35 +00:00
2013-04-15 20:57:43 +00:00
- PHP 5.3.3+
2012-04-27 16:28:54 +00:00
2013-04-15 20:57:43 +00:00
This embedded implementation of the V8 engine uses thread locking so it should work with ZTS enabled.
However, this has not been tested yet.
2013-07-07 20:29:05 +00:00
COMPILING LATEST VERSION
========================
2014-09-19 16:54:44 +00:00
Instead of compiling manually you might want to pull the [V8Js docker
repository](https://registry.hub.docker.com/u/stesie/v8js/).
2013-07-07 20:29:05 +00:00
Compile latest v8
-----------------
```
cd /tmp
2014-09-28 20:59:36 +00:00
git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
export PATH=`pwd`/depot_tools:"$PATH"
2013-07-07 20:29:05 +00:00
git clone https://github.com/v8/v8.git
cd v8
make dependencies
make native library=shared -j8
2013-10-01 22:05:36 +00:00
sudo mkdir -p /usr/lib /usr/include
2013-10-03 21:59:27 +00:00
sudo cp out/native/lib.target/lib*.so /usr/lib/
2014-09-19 16:50:22 +00:00
echo -e "create /usr/lib/libv8_libplatform.a\naddlib out/native/obj.target/tools/gyp/libv8_libplatform.a\nsave\nend" | sudo ar -M
2014-09-16 22:45:24 +00:00
sudo cp -R include/v8* /usr/include
2013-07-07 20:29:05 +00:00
```
2013-10-01 22:05:36 +00:00
If you don't want to overwrite the system copy of v8, replace `/usr` in
the above commands with `/tmp/v8-install` and then add
`--with-v8js=/tmp/v8-install` to the php-v8js `./configure` command below.
2014-09-19 16:50:22 +00:00
`libv8_libplatform.a` should not be copied directly since it's a thin
archive, i.e. it contains only pointers to the build objects, which
otherwise must not be deleted. The simple mri-script converts the
thin archive to a normal archive.
2013-07-07 20:29:05 +00:00
Compile php-v8js itself
-----------------------
```
cd /tmp
git clone https://github.com/preillyme/v8js.git
cd v8js
phpize
2013-10-03 14:27:04 +00:00
./configure
2013-07-07 20:29:05 +00:00
make
sudo make install
```
2012-04-27 16:28:54 +00:00
2013-04-15 20:57:43 +00:00
PHP API
=======
2012-04-27 16:28:54 +00:00
2012-07-24 12:03:32 +00:00
class V8Js
{
/* Constants */
const string V8_VERSION;
2013-10-12 18:44:15 +00:00
2012-07-24 12:03:32 +00:00
const int FLAG_NONE;
const int FLAG_FORCE_ARRAY;
2013-10-12 18:44:15 +00:00
const int DEBUG_AUTO_BREAK_NEVER;
const int DEBUG_AUTO_BREAK_ONCE;
const int DEBUG_AUTO_BREAK_ALWAYS;
2012-07-24 12:03:32 +00:00
/* Methods */
// Initializes and starts V8 engine and Returns new V8Js object with it's own V8 context.
2013-04-15 20:57:43 +00:00
public __construct ( [ string $object_name = "PHP" [, array $variables = NULL [, array $extensions = NULL [, bool $report_uncaught_exceptions = TRUE ] ] ] )
// Provide a function or method to be used to load required modules. This can be any valid PHP callable.
// The loader function will receive the normalised module path and should return Javascript code to be executed.
public setModuleLoader ( callable $loader )
2012-07-24 12:03:32 +00:00
// Compiles and executes script in object's context with optional identifier string.
2013-04-15 20:57:43 +00:00
// A time limit (milliseconds) and/or memory limit (bytes) can be provided to restrict execution. These options will throw a V8JsTimeLimitException or V8JsMemoryLimitException.
public mixed V8Js::executeString( string $script [, string $identifier [, int $flags = V8Js::FLAG_NONE [, int $time_limit = 0 [, int $memory_limit = 0]]]])
2012-07-24 12:03:32 +00:00
2014-09-16 14:09:58 +00:00
// Compiles a script in object's context with optional identifier string.
public mixed V8Js::compileString( string $script [, string $identifier ])
// Executes a precompiled script in object's context.
// A time limit (milliseconds) and/or memory limit (bytes) can be provided to restrict execution. These options will throw a V8JsTimeLimitException or V8JsMemoryLimitException.
public mixed V8Js::executeScript( resource $script [, int $flags = V8Js::FLAG_NONE [, int $time_limit = 0 [, int $memory_limit = 0]]])
2012-07-24 12:03:32 +00:00
// Returns uncaught pending exception or null if there is no pending exception.
2013-04-15 20:57:43 +00:00
public V8JsScriptException V8Js::getPendingException( )
2012-07-24 12:03:32 +00:00
2013-10-12 18:44:15 +00:00
// Starts V8 debug agent for use with Google Chrome Developer Tools (Eclipse Plugin)
public bool startDebugAgent( [ string $agent_name = "V8Js" [, $port = 9222 [, $auto_break = V8Js::DEBUG_AUTO_BREAK_NEVER ] ] ] )
2012-07-24 12:03:32 +00:00
/** Static methods ** /
// Registers persistent context independent global Javascript extension.
// NOTE! These extensions exist until PHP is shutdown and they need to be registered before V8 is initialized.
// For best performance V8 is initialized only once per process thus this call has to be done before any V8Js objects are created!
2013-04-15 20:57:43 +00:00
public static bool V8Js::registerExtension( string $extension_name, string $code [, array $dependenciess [, bool $auto_enable = FALSE ] ] )
2012-07-24 12:03:32 +00:00
// Returns extensions successfully registered with V8Js::registerExtension().
2013-04-15 20:57:43 +00:00
public static array V8Js::getExtensions( )
2012-07-24 12:03:32 +00:00
}
2013-04-13 23:36:31 +00:00
final class V8JsScriptException extends Exception
2012-07-24 12:03:32 +00:00
{
/* Properties */
protected string JsFileName = NULL;
protected int JsLineNumber = NULL;
protected string JsSourceLine = NULL;
protected string JsTrace = NULL;
/* Methods */
2013-04-15 20:57:43 +00:00
final public string getJsFileName( )
final public int getJsLineNumber( )
final public string getJsSourceLine( )
final public string getJsTrace( )
2012-07-24 12:03:32 +00:00
}
2013-04-15 20:57:43 +00:00
final class V8JsTimeLimitException extends Exception
{
}
final class V8JsMemoryLimitException extends Exception
{
}
Javascript API
==============
// Print a string.
print(string);
// Dump the contents of a variable.
var_dump(value);
// Terminate Javascript execution immediately.
exit();
// CommonJS Module support to require external code.
// This makes use of the PHP module loader provided via V8Js::setModuleLoader (see PHP API above).
require("path/to/module");
2012-07-24 12:03:32 +00:00
2013-10-11 06:15:35 +00:00
The JavaScript `in` operator, when applied to a wrapped PHP object,
works the same as the PHP `isset()` function. Similarly, when applied
to a wrapped PHP object, JavaScript `delete` works like PHP `unset` .
```php
< ?php
class Foo {
var $bar = null;
}
$v8 = new V8Js();
$v8->foo = new Foo;
// This prints "no"
$v8->executeString('print( "bar" in PHP.foo ? "yes" : "no" );');
?>
```
PHP has separate namespaces for properties and methods, while JavaScript
has just one. Usually this isn't an issue, but if you need to you can use
a leading `$` to specify a property, or `__call` to specifically invoke a
method.
```php
< ?php
class Foo {
var $bar = "bar";
function bar($what) { echo "I'm a ", $what, "!\n"; }
}
$foo = new Foo;
// This prints 'bar'
echo $foo->bar, "\n";
// This prints "I'm a function!"
$foo->bar("function");
$v8 = new V8Js();
$v8->foo = new Foo;
// This prints 'bar'
$v8->executeString('print(PHP.foo.$bar, "\n");');
// This prints "I'm a function!"
$v8->executeString('PHP.foo.__call("bar", ["function"]);');
?>
```