A server plugin for SillyTavern. It performs a static analysis of JavaScript code to detect potentially dangerous operations, such as network requests, `eval` calls, and other unsafe APIs. It can also sanitize the code by removing or commenting out the dangerous parts.
This is not a full-fledged JavaScript interpreter like SandboxJS. It uses tree-sitter to parse the JavaScript code and analyze its syntax tree; the code itself is never executed. If you have a more complex use case, use something else.
- Open a terminal in `{SillyTavern_Folder}/plugins`.
- Run `git clone https://github.com/bmen25124/SillyTavern-JS-Analyzer`.
- Set `enableServerPlugins: true` in `{SillyTavern_Folder}/config.yaml`.
- Run `npm install` in the plugin folder to install `tree-sitter`.
- Restart the server.
Example request: `POST /api/plugins/js-security/analyze`

```json
{
  "code": "showPage_67('drawings'); fetch('https://www.google.com/');",
  "settings": {
    "allowedAPIs": [
      "console",
      "Math",
      "Date",
      "JSON",
      "parseInt",
      "parseFloat",
      "isNaN",
      "isFinite"
    ],
    "blockedAPIs": [
      "fetch",
      "XMLHttpRequest",
      "eval",
      "Function",
      "WebSocket",
      "localStorage",
      "sessionStorage"
    ],
    "maxScriptLength": 50000,
    "allowObfuscation": false
  }
}
```

Response:

```json
{
  "safe": false,
  "violations": [
    {
      "type": "dangerous_api_call",
      "node": "fetch",
      "position": {
        "row": 0,
        "column": 25
      },
      "severity": "error",
      "message": "Blocked dangerous API call: fetch"
    }
  ],
  "sanitizedCode": "showPage_67('drawings'); /* fetch() blocked for security */('https://www.google.com/');"
}
```

Note that the sanitizer replaces only the blocked callee identifier. The argument list `('https://www.google.com/')` stays in the output as a harmless parenthesized expression, so arguments that contain their own calls are not removed by sanitization. Always check `safe` and the `violations` list rather than relying on `sanitizedCode` alone.
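To make the request and response shape concrete, here is an added, self-contained stand-in for the analyzer (example code, not the plugin's own implementation). The real plugin parses with tree-sitter; this example uses a small hand-written scanner that skips string literals and comments and reports identifier tokens with tree-sitter-style 0-based row/column positions. The violation object follows the sample response above; the `script_too_long` and `dangerous_api_reference` type names, and the treatment of `allowedAPIs` as informational only, are assumptions of this example.

```javascript
// Added example, not the SillyTavern-JS-Analyzer plugin's code.
// Assumptions: a hand-written scanner stands in for tree-sitter; the type names
// "script_too_long" and "dangerous_api_reference" are made up for this example.

const SAMPLE_SETTINGS = {
  allowedAPIs: ["console", "Math", "Date", "JSON", "parseInt", "parseFloat", "isNaN", "isFinite"],
  blockedAPIs: ["fetch", "XMLHttpRequest", "eval", "Function", "WebSocket", "localStorage", "sessionStorage"],
  maxScriptLength: 50000,
  allowObfuscation: false, // not enforced by this example
};

const IDENT_START = /[A-Za-z_$]/;
const IDENT_PART = /[A-Za-z0-9_$]/;

// Return identifier tokens that sit outside string literals and comments.
// Each token carries 0-based row/column and whether it is immediately called.
// Simplifications: ${...} inside template literals and regex literal bodies
// are not inspected.
function scanIdentifiers(code) {
  const tokens = [];
  let i = 0, row = 0, col = 0;
  const advance = () => {
    if (code[i] === "\n") { row++; col = 0; } else { col++; }
    i++;
  };
  while (i < code.length) {
    const c = code[i];
    const next = code[i + 1];
    if (c === "/" && next === "/") {                 // line comment
      while (i < code.length && code[i] !== "\n") advance();
    } else if (c === "/" && next === "*") {          // block comment
      advance(); advance();
      while (i < code.length && !(code[i] === "*" && code[i + 1] === "/")) advance();
      if (i < code.length) { advance(); advance(); }
    } else if (c === "'" || c === '"' || c === "`") { // string / template literal
      advance();
      while (i < code.length && code[i] !== c) {
        if (code[i] === "\\") advance();              // skip the escaped character
        advance();
      }
      if (i < code.length) advance();                 // closing quote
    } else if (IDENT_START.test(c)) {
      const start = i, startRow = row, startCol = col;
      while (i < code.length && IDENT_PART.test(code[i])) advance();
      let j = i;                                      // look past whitespace for "("
      while (j < code.length && /\s/.test(code[j])) j++;
      tokens.push({ name: code.slice(start, i), index: start, row: startRow, column: startCol, isCall: code[j] === "(" });
    } else {
      advance();
    }
  }
  return tokens;
}

// Analyze `code` against `settings` and return the same shape as the plugin's
// response: { safe, violations, sanitizedCode }.
function analyze(code, settings = SAMPLE_SETTINGS) {
  const violations = [];
  if (code.length > settings.maxScriptLength) {
    violations.push({
      type: "script_too_long", node: null, position: { row: 0, column: 0 }, severity: "error",
      message: `Script length ${code.length} exceeds maxScriptLength ${settings.maxScriptLength}`,
    });
  }
  const blocked = new Set(settings.blockedAPIs);
  // Conservative: a blocked name is flagged in any position (also as a property,
  // e.g. window.localStorage), accepting some false positives.
  const hits = scanIdentifiers(code).filter((t) => blocked.has(t.name));
  for (const t of hits) {
    violations.push({
      type: t.isCall ? "dangerous_api_call" : "dangerous_api_reference",
      node: t.name,
      position: { row: t.row, column: t.column },
      severity: "error",
      message: `Blocked dangerous API ${t.isCall ? "call" : "reference"}: ${t.name}`,
    });
  }
  // Sanitize the way the sample output does: swap the identifier for a comment.
  // Work from the end so earlier indices stay valid. The argument list is kept,
  // so fetch(leak()) becomes /* fetch() blocked for security */(leak()).
  let sanitizedCode = code;
  for (const t of [...hits].reverse()) {
    sanitizedCode = sanitizedCode.slice(0, t.index)
      + `/* ${t.name}() blocked for security */`
      + sanitizedCode.slice(t.index + t.name.length);
  }
  return { safe: violations.length === 0, violations, sanitizedCode };
}

// Constructed sample input, identical to the request on this page.
const SAMPLE_CODE = "showPage_67('drawings'); fetch('https://www.google.com/');";
console.log(JSON.stringify(analyze(SAMPLE_CODE), null, 2));
```

Running the block reproduces the response shown above for the sample request. The scanner also shows why a syntax-aware check matters: `"fetch(1)"` inside a string or `// eval()` in a comment produces no violation, while `eval` on a later line is reported with its real row and column.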