开发者

How to safely execute unknown Javascript code in Node.js?

开发者 https://www.devze.com 2023-03-14 09:33 出处:网络
I need to run code supplied by an unknown source which validates or sorts something. How can I do this safely in Node.js?

I need to run code supplied by an unknown source which validates or sorts something.

How can I do this safely in Node.js?

Python has RestrictedPython, anything similar?

There is also ADsafe for the browser, but is it usa开发者_如何转开发ble in Node.js?


Node has an excellent tool for this, the node.vm. Basically you can run a script in its own context, effectively sandboxing it.

Of course, since Node runs on a single thread, a harmful script can always shut down your server just by doing:

while (true) {;}

To be completely safe, you need to spawn a new process and use message passing for communication.

0

精彩评论

暂无评论...
验证码 换一张
取 消