PNPerson6mo ago

Running untrusted code, eval-style

I have a project that on occassion I want to be able to execute JS code that I can then quickly get the output of. How is it reccomended I do that
2 Replies
radur6mo ago
Run it in a separate worker (worker pool), restrict the worker security as much as possible, use the Function constructor for the evaluation. See!
MDN Web Docs
eval() - JavaScript | MDN
The eval() function evaluates JavaScript code represented as a string and returns its completion value. The source is parsed as a script.
radur6mo ago
If the code that gets executed is completely untrusted the safest choice would be to spawn a new instance of deno and pass the code to it to be evaluate.