mirror of https://github.com/rails/execjs synced 2023-03-27 23:21:20 -04:00

Note security

Joshua Peek 2014-12-22 23:30:32 -06:00
parent 4b7d781381
commit 7821de8db3


@ -52,11 +52,18 @@ in. If you want to access the Node API, you should check another library like
[commonjs.rb](https://github.com/cowboyd/commonjs.rb) designed to provide a
consistent interface.
**Why can't I use `setTimeout`**
**Why can't I use `setTimeout`?**
For similar reasons as modules, not all runtimes guarantee a full JavaScript
event loop. So `setTimeout`, `setInterval` and other timers are not defined.
**Can I ExecJS be used to sandbox scripts?**
No, ExecJS shouldn't be used for any security related sandboxing. Since runtimes
are automatically detected, each runtime has different sandboxing properties.
You shouldn't use `ExecJS.eval` on any inputs you wouldn't feel comfortable Ruby
`eval()`ing.
# License
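Review bot: The new FAQ heading "Can I ExecJS be used to sandbox scripts?" has a stray "I" and should read "Can ExecJS be used to sandbox scripts?". In the answer, "Since runtimes are automatically detected, each runtime has different sandboxing properties" reads as cause and effect, while the point is that the runtime is chosen automatically and runtimes differ, so a caller cannot rely on any particular isolation; "Runtimes are automatically detected, and each has different sandboxing properties" says that directly. The last sentence names only `ExecJS.eval`; if the caveat is meant for every call that evaluates source, state that, and "wouldn't feel comfortable Ruby `eval()`ing" would be clearer as "wouldn't feel comfortable passing to Ruby's `eval()`".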