JS should be sandboxed #6
Assignees
Labels
bug
Something isn't working
Comments
|
Solving this may also solve the TODOs mentioned in the file:
|
|
I've just noted the |
eternaleclipse
changed the title
|
I fully agree yea - I don't know much about it at the moment but I assume there's a better way that would encapsulate and isolate all future code checking (not limited to JS as well). Although for now we'd only have to check the validity of programs (although checking the output would be pretty sweet), here are some rust solutions that might be better: Javascript specific: Sandboxing in Rust: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently every file is being executed with node.
This is dangerous and essentially gives any input file easy code execution.
One possible solution is to use a JS sandbox, such as:
https://github.com/Bromeon/js-sandbox
Keep in mind this issue will keep coming up as we introduce additional external parsers that are not rust-native.
We may need to solve this using a generic sandboxing approach.
The text was updated successfully, but these errors were encountered: