https://npmjs.org/package/contextify
or maybe https://npmjs.org/package/node-sandbox 2013/1/16 Diogo Resende <[email protected]> > I would try a parser like uglify to detect if require() is called in the > code. If not I would accept the "script". You could check more things but > that is the most important. > > Then I would just run the code inside vm module. > > -- > Diogo Resende > > On Wednesday, January 16, 2013 at 21:24 , Gustavo Machado wrote: > > Hello, > > We are building a platform that is oriented to developers in node.js, and > we are in the process of evaluating giving our users the ability to > configure validation and authorisation rules in Javascript. > > On virtually every request, these validation rules are going to be > executed, so it needs to be somewhat performant, but most importantly > "safe". And by safe I mean: > > - no require-ing > - no access to global > - any kind of attack that may give access to the local system (files, > network, etc) > > So far, we found the "sandbox" module: > https://github.com/gf3/sandbox/blob/master/example/example.js but are > looking for some other choices. > > Thanks, > Gustavo Machado > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
