D
Deno

help

Running untrusted code, eval-style

PPNPerson2/10/2024
I have a project that on occassion I want to be able to execute JS code that I can then quickly get the output of. How is it reccomended I do that
Rradur2/10/2024
Run it in a separate worker (worker pool), restrict the worker security as much as possible, use the Function constructor for the evaluation. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#never_use_eval!
MDN Web Docs
eval() - JavaScript | MDN
The eval() function evaluates JavaScript code represented as a string and returns its completion value. The source is parsed as a script.
Rradur2/10/2024
If the code that gets executed is completely untrusted the safest choice would be to spawn a new instance of deno and pass the code to it to be evaluate.

Looking for more? Join the community!