PNPerson
PNPerson6mo ago

Running untrusted code, eval-style

I have a project that on occassion I want to be able to execute JS code that I can then quickly get the output of. How is it reccomended I do that
2 Replies
radur
radur6mo ago
Run it in a separate worker (worker pool), restrict the worker security as much as possible, use the Function constructor for the evaluation. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#never_use_eval!
MDN Web Docs
eval() - JavaScript | MDN
The eval() function evaluates JavaScript code represented as a string and returns its completion value. The source is parsed as a script.
radur
radur6mo ago
If the code that gets executed is completely untrusted the safest choice would be to spawn a new instance of deno and pass the code to it to be evaluate.
More Posts
Available disk spaceI'm writing an API which will potentially create a large temporary file. I thought it would useful Verify AWS SNS signature with PEM certificateHello, I'm trying to verify aws sns messages in deno given a signing cert (in pem format, RSA sha1) Headers for WebSocket clientI need to connect Deno (as a client) to a WebSocket server that requires custom headers on connectioDeno testing with local oak serverI'm trying to setup a simple oak application for a few tests. The test steps work as expected but I Anyone aware of a streaming multipart parser for Deno?I'd like to handle the parts of a multipart/form-data stream in a server as they arrive rather than Deno does not deliver all the information with the EventSourceIs there some configuration or do I have to iterate in some way so that the entire message is delive