Quantcast
Channel: ClearScript
Viewing all articles
Browse latest Browse all 2297

New Post: Script Security

0
0
Hello Praveen,

Initially a ClearScript JavaScript engine provides no access to the file system. It exposes no APIs except JavaScript intrinsics such as Object, Function, and Math. For script code to have access to the file system, the host must expose objects or types that provide such access, and these resources can impose whatever security restrictions are required.

However, be aware that V8 is not a sandbox. Malicious JavaScript code running in V8 may not have file access, but it can easily crash its host process. V8 was designed specifically for Chrome, which has a multi-process architecture and can withstand such crashes. Therefore, if your plan is to use V8 to run unknown or untrusted script code, consider doing so in a dedicated process.

Good luck!

Viewing all articles
Browse latest Browse all 2297