Script Security

Feb 10 at 6:14 AM
Hello,

I would like to implement some security feature to prevent users from executing malicious scripts, like scripts that contain code to delete files. Is any code access security option available in JavaScript? Is there any way to achieve this?

Thanks
Praveen
Coordinator
Feb 10 at 7:37 PM
Edited Feb 10 at 7:41 PM
Hello Praveen,

Initially a ClearScript JavaScript engine provides no access to the file system. It exposes no APIs except JavaScript intrinsics such as Object, Function, and Math. For script code to have access to the file system, the host must expose objects or types that provide such access, and these resources can impose whatever security restrictions are required.

However, be aware that V8 is not a sandbox. Malicious JavaScript code running in V8 may not have file access, but it can easily crash its host process. V8 was designed specifically for Chrome, which has a multi-process architecture and can withstand such crashes. Therefore, if your plan is to use V8 to run unknown or untrusted script code, consider doing so in a dedicated process.

Good luck!
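
An added example, not part of the original thread and not the ClearScript project's own code, of the approach described in the answer above: the host exposes one narrow object that enforces its own restrictions. The `ReadOnlyFiles` class, the `files` script name and the `script-data` directory are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using Microsoft.ClearScript;
using Microsoft.ClearScript.V8;

// Hypothetical host-side wrapper: the only file capability the script receives.
public sealed class ReadOnlyFiles
{
    private readonly string root;

    public ReadOnlyFiles(string rootDirectory)
    {
        // Canonical root with a trailing separator, so a sibling directory
        // whose name merely starts with the root's name cannot pass the check.
        root = Path.GetFullPath(rootDirectory).TrimEnd(Path.DirectorySeparatorChar)
               + Path.DirectorySeparatorChar;
    }

    // Read access only; no write, delete or enumerate methods are exposed.
    public string ReadText(string relativePath)
    {
        // Resolve "..", absolute paths and mixed separators before checking.
        string full = Path.GetFullPath(Path.Combine(root, relativePath));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path is outside the permitted directory.");
        return File.ReadAllText(full);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data in a temporary directory.
        string dir = Path.Combine(Path.GetTempPath(), "script-data");
        Directory.CreateDirectory(dir);
        File.WriteAllText(Path.Combine(dir, "greeting.txt"), "hello");

        using (var engine = new V8ScriptEngine())
        {
            // The script sees only "files"; System.IO itself is never exposed.
            engine.AddHostObject("files", new ReadOnlyFiles(dir));
            Console.WriteLine(engine.Evaluate("files.ReadText('greeting.txt')"));
            try { engine.Execute("files.ReadText('../outside.txt')"); }
            catch (ScriptEngineException e) { Console.WriteLine("Blocked: " + e.Message); }
        }
    }
}
```

`Path.GetFullPath` does not resolve symbolic links, so the permitted directory should not contain links the script's author can influence. This restricts what the script can reach through the host; it does not change the advice above to run untrusted script code in a dedicated process.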