Concepts

Scott Waldron Updated by Scott Waldron

The Sandbox

The sandbox is based on a very similar premise: if you cannot import the type or module, you cannot use it. Dino does not attempt to use confusing combinations of attributes and permission sets. Instead, you simply set it up as "allow everything but this" (a blacklist) or "don't allow anything except this" (a whitelist).

The key aspect of the Dino sandbox is that it is applied at compile time, not evaluation time. Consider the following code.

// admin.dino

from System.IO import File; // private

def sayHello(name){
print "Hello, " + name;
}

def deleteFile(file){
File.Delete(file);
}
// enduser.dino

import script "admin.dino" as admin;

admin.deleteFile("C:\\test.txt");

The "enduser.dino" file has access to the "deleteFIle" function because functions are public by default. The sandbox that is applied when the end user is writing their script may prevent them from importing the File type from System.IO but because Dino applies the sandbox at compile time, it does not prevent them from calling a base function that uses this symbol.

To prevent the end user from calling this function, it can be marked as private.

// admin.dino

from System.IO import File; // private

def sayHello(name){
print "Hello, " + name;
}

private def deleteFile(file){
File.Delete(file);
}
// enduser.dino

import script "admin.dino" as admin;

admin.sayHello("Rex"); // Ok, sayHello is public
admin.deleteFile("C:\\test.txt")
// error, undefined symbol

The Dino sandbox is covered more in depth in Importing Scripts and Types.

How did we do?

Operators

Syntax

Contact