How to "block" the V8?

Question

How to "block" the V8?

I am new to V8 and plan to use it in a python web application. The goal is to allow users to send and execute specific JS scripts. This is obviously a security risk, so I'm looking for resources that document ways to block v8. For example, is it possible to create a whitelist of functions allowed to be called? Or a blacklist of libraries that are not allowed to be referenced?

+6

javascript python sandbox

Trindaz Mar 19 '12 at 10:57

source share

2 answers

Thiefmaster · Answer 1 · 2012-03-20T23:49:28+0000

If you use a simple V8 (that is, not something like node.js), there will be no dangerous functions. JavaScript itself does not have stdlib containing file system functions, etc.

The only thing a malicious user can do is create endless loops, deep recursions, and memory gods.

Jeffs · Answer 2 · 2012-03-20T23:28:52+0000

Just block the V8 instance (i.e. did not give it any rights in chroot) and kill the process, if it does not return after a certain amount of time, does it not work?

How to "block" the V8?

More articles: