How to execute javascript code in sandbox on server?

V

Vitalij Rudyuk2014-06-15 21:14:45

JavaScript

Vitalij Rudyuk, 2014-06-15 21:14:45

The task is to accept javascript code from the user and process it on the server. It is important that ajax, websocket and other external requests do not work in user code. How can this even be implemented? At first, I thought that I should install something like node.js on the server and use it to execute the javascript code received from the user, but I don’t understand how to do it, as it were, in a sandbox. Can you tell me what technologies are available for this?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

T

Timur Shemsedinov, 2014-06-16
@Faradey

There is such a namespace "vm", see nodejs.org/api/vm.html Methods in it: vm.createContext(sandbox), vm.createScript(code, scriptName). It also has the Script class and its methods: script.runInThisContext(), script.runInNewContext(sandbox). In general, you can create a sandbox that does not even have access to require, and pass only those functions into it that are needed to safely execute the script. Then wrap the script execution in the Domain, see nodejs.org/api/domain.html And then everything will be definitely safe, and the script will have no access to the outside world, and if it crashes, then you can catch it through the domain, and global it is its own data is not obscured, i.e. the sandbox can be killed and a new one created without even restarting the node process. An example of usage can be seen here:https://github.com/tshemsedinov/impress/blob/maste... There are some tricks there, for example, how to mix your functions with base classes in a sandbox and the like.