I would try a parser like uglify to detect if require() is called in the code. If not I would accept the "script". You could check more things but that is the most important.
Then I would just run the code inside vm module. -- Diogo Resende On Wednesday, January 16, 2013 at 21:24 , Gustavo Machado wrote: > Hello, > > We are building a platform that is oriented to developers in node.js, and we > are in the process of evaluating giving our users the ability to configure > validation and authorisation rules in Javascript. > > On virtually every request, these validation rules are going to be executed, > so it needs to be somewhat performant, but most importantly "safe". And by > safe I mean: > > - no require-ing > - no access to global > - any kind of attack that may give access to the local system (files, > network, etc) > > So far, we found the "sandbox" module: > https://github.com/gf3/sandbox/blob/master/example/example.js but are looking > for some other choices. > > Thanks, > Gustavo Machado > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > (mailto:[email protected]) > To unsubscribe from this group, send email to > [email protected] > (mailto:[email protected]) > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
