Running untrusted code, eval-style
I have a project that on occassion I want to be able to execute JS code that I can then quickly get the output of. How is it reccomended I do that
2 Replies
Run it in a separate worker (worker pool), restrict the worker security as much as possible, use the Function constructor for the evaluation. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#never_use_eval!
MDN Web Docs
eval() - JavaScript | MDN
The eval() function evaluates JavaScript code represented as a string and returns its completion value. The source is parsed as a script.
If the code that gets executed is completely untrusted the safest choice would be to spawn a new instance of deno and pass the code to it to be evaluate.