max / balanced_breakfast
1 file changed,
+1 insertion,
-8 deletions
| @@ -239,17 +239,10 @@ Each field in the `fields` array supports these properties: | |||
| 239 | 239 | ||
| 240 | 240 | The Rhai engine enforces these limits per plugin execution: | |
| 241 | 241 | ||
| 242 | - | **Script limits:** | |
| 243 | 242 | - **Max operations:** 100,000 -- Caps total operations per script call. A typical RSS fetch uses 1,000-5,000 operations. This limit catches infinite loops while allowing complex plugins. | |
| 244 | 243 | - **Max expression depth:** 128 -- Limits AST nesting depth for both expressions and function calls, preventing stack overflows from deeply recursive scripts. | |
| 245 | 244 | ||
| 246 | - | **HTTP limits (per `fetch()` call):** | |
| 247 | - | - **Request count:** 100 -- Maximum HTTP requests per fetch invocation. Counter resets before each `fetch()` call. A typical RSS plugin makes 1-3 requests; 100 allows pagination while catching runaways. | |
| 248 | - | - **Response size:** 2 MB -- Each HTTP response body is capped at 2 MB. Prevents a plugin from consuming unbounded memory on a large or malicious response. | |
| 249 | - | - **Request timeout:** 15 seconds -- Per-request timeout for `http_get` and `http_get_json`. | |
| 250 | - | - **URL restrictions:** Only `http://` and `https://` schemes are allowed. Requests to localhost, private networks (10.x, 172.16-31.x, 192.168.x, 169.254.x), and IPv6 loopback (::1) are blocked. | |
| 251 | - | ||
| 252 | - | If a plugin exceeds any limit, the engine terminates execution and returns an error. | |
| 245 | + | If a plugin exceeds either limit, the engine terminates execution and returns an error. | |
| 253 | 246 | ||
| 254 | 247 | ## Complete Minimal Example | |
| 255 | 248 |