End User Scripts

I would like to provide end-user scripts (which will run on the server side) in the application. I read about it and found that sandboxing is much more complicated than I thought.

I don’t care what kind of language it is. Lua, Python, JavaScript: I'm fine with anything readable.

How difficult is it to run a function in an unreliable script, passing some information and getting some more? I read that the JVM Security Manager is a no-go and that Python is almost not removable, but I have very little knowledge on this topic, and I cannot judge the sources.

How can I, for example, interpret a function in JS that accepts JSON (from, say, Java, or Python, or even node.js) and returns the returned JSON?

I would like to avoid implementing the i-just-know-it-will-suck interpreter itself in python.

+5
2 answers

Lua has good sandbox capabilities and is clean and simple.

It has a setfenv() function that can run code in a specific environment. Invalid code can only access what is in a particular environment.
For C functions such as string.rep, you can prevent excessive memory consumption by replacing them with Lua functions or by providing a specialized memory allocator with lua_newstate.

, , Lua , debug.sethook .

Lua Wiki .
lua , .

+4
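
A sketch of the approach described in the answer above, for Lua 5.1 (setfenv was removed in 5.2 and later). This is an added example, not code from the answer: the function names, limits and whitelist are assumptions, and the host is assumed to decode the incoming JSON into a Lua table before the call and to encode the returned table afterwards.

```lua
-- Added example (Lua 5.1). All names and limits here are hypothetical.
local MAX_STEPS = 100000       -- VM instruction budget per call
local MAX_REP   = 1024 * 1024  -- largest string a script may build with rep

-- Bounded replacement for the C function string.rep.
local function safe_rep(s, n)
  -- "not (x <= max)" also rejects NaN repeat counts.
  if not (#s * n <= MAX_REP) then error("string.rep result too large", 2) end
  return string.rep(s, n)
end

-- Whitelist: the only globals the untrusted chunk can see.
-- pcall, coroutine, debug, load*, require, io and os are deliberately absent.
local function new_env()
  return {
    ipairs = ipairs, pairs = pairs, tostring = tostring, tonumber = tonumber,
    type = type, select = select, unpack = unpack,
    math   = { floor = math.floor, max = math.max, min = math.min },
    string = { sub = string.sub, len = string.len, upper = string.upper,
               rep = safe_rep },
    table  = { insert = table.insert, concat = table.concat },
  }
end

local function run_untrusted(source, input)
  -- loadstring also accepts precompiled bytecode, which is not verified.
  if string.byte(source, 1) == 27 then return nil, "bytecode rejected" end
  local chunk, err = loadstring(source, "=user")
  if not chunk then return nil, err end
  local env = new_env()
  setfenv(chunk, env)
  -- ("x"):rep(n) resolves through the shared string metatable, not the
  -- environment, so point it at the whitelisted table for this call.
  local smt = getmetatable("")
  local saved = smt.__index
  smt.__index = env.string
  -- Count hook: abort after MAX_STEPS instructions. The script has no
  -- pcall, so it cannot catch the error and keep running.
  debug.sethook(function() error("instruction budget exceeded", 0) end, "", MAX_STEPS)
  local ok, result = pcall(chunk, input)
  debug.sethook()
  smt.__index = saved
  if not ok then return nil, result end
  return result
end

-- Constructed sample scripts.
print(run_untrusted("local t = ...; return { total = t.a + t.b }", { a = 2, b = 3 }).total)
print(run_untrusted("while true do end"))
print(run_untrusted("return ('x'):rep(1e9)"))
print(run_untrusted("return os.getenv('HOME')"))
```

The count hook does not fire while a C function is running, and it does not cap memory; a hard memory limit needs the custom allocator passed to lua_newstate that the answer mentions.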

Tcl sandbox , , . .

+1
