We are working on an app where we want to give users the ability to upload 
JS scripts to process their data in our app.

Insane, right? :)  Well we are going to do it in a sane way or not do it at 
all. We understand the risks.

I want to take raw JS input from the user, generate an AST, 
cleanse/evaluate/mangle it, then "re-compile" to minified JS *only* when we 
know it is safe. If the script is doing unsafe things, we'll return compiler 
errors. Our compiler needs to be able to limit the JS globals to a short 
"whitelist". i.e. stuff like eval() is not available within the script. 

Scripts will be run in our node app using vm.runInNewContext(). We will 
pass in a context object with the data that the user will be processing 
with their script. 

Has anyone done something like this? I have a small bit of code started 
using uglify but am wondering if there are some other projects or design 
ideas I can pluck from before getting too deep into the weeds. 

Thanks

Kevin
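
A runtime layer that could sit behind the AST whitelist described in the post, shown as an added example that is not part of the original message: it disables `eval()` and `new Function()` in the context itself and passes data across as JSON strings only. The helper name `runUserScript` and the convention that a user script is a function body returning a JSON-serialisable value are assumptions. Node's documentation states that the `vm` module is not a security mechanism, so this narrows what a script can reach rather than isolating it.

```javascript
const vm = require('node:vm');

// Hypothetical helper (not from the post): run untrusted `source`, the body of
// a function that reads `data` and returns a JSON-serialisable result.
function runUserScript(source, data, timeoutMs = 100) {
  // Null-prototype context: nothing inherited from the host realm is reachable
  // through the script's global object.
  const context = Object.create(null);
  // Data goes in as a string primitive, never as a live host object.
  context.inputJson = JSON.stringify(data);

  // Runs inside the new context. JSON.stringify is captured before user code
  // runs, and only a string comes back out.
  const wrapped = [
    '"use strict";',
    'const stringify = JSON.stringify;',
    'const data = JSON.parse(inputJson);',
    'let reply;',
    'try {',
    '  reply = { ok: true, value: (function () {' + source + '\n})() };',
    '} catch (e) {',
    '  reply = { ok: false, error: String(e && e.name) };',
    '}',
    'stringify(reply);',
  ].join('\n');

  let out;
  try {
    out = vm.runInNewContext(wrapped, context, {
      timeout: timeoutMs, // bounds synchronous loops
      // eval() and new Function() throw EvalError inside this context.
      contextCodeGeneration: { strings: false, wasm: false },
    });
  } catch (_err) {
    // Timeout or compile failure: do not inspect an object that may be foreign.
    return { ok: false, error: 'host' };
  }
  if (typeof out !== 'string') return { ok: false, error: 'host' };
  try {
    return JSON.parse(out); // result is rebuilt from text in the host realm
  } catch (_err) {
    return { ok: false, error: 'host' };
  }
}
```
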
