javascript - How to run user code that might be unsafe? -
i writing program interpret , run user code written in javascript in c#. how go running hard limit in running time?
running user code; ever; not safe (see sql injection, obligatory reference xkcd). there no way make safe (apart sandboxing, @ point aren't running code on computer more). see 10 immutable laws of security (technet)
that said, use overload of process.waitforexit
takes int
(msdn) "timeout" , kill process after time period (10s in example):
process myveryunsafeproc = new process(); myverunsafeproc.start(); if (!myveryunsafeproc.waitforexit(10000)) { myveryunsafeproc.kill(); }
note javascript have killed monitoring process , made whole exercise pointless. did mention can't safely?
Comments
Post a Comment