mirror of
https://github.com/rails/execjs
synced 2023-03-27 23:21:20 -04:00
Note security
This commit is contained in:
parent
4b7d781381
commit
7821de8db3
1 changed files with 8 additions and 1 deletions
|
@ -52,11 +52,18 @@ in. If you want to access the Node API, you should check another library like
|
|||
[commonjs.rb](https://github.com/cowboyd/commonjs.rb) designed to provide a
|
||||
consistent interface.
|
||||
|
||||
**Why can't I use `setTimeout`**
|
||||
**Why can't I use `setTimeout`?**
|
||||
|
||||
For similar reasons as modules, not all runtimes guarantee a full JavaScript
|
||||
event loop. So `setTimeout`, `setInterval` and other timers are not defined.
|
||||
|
||||
**Can I ExecJS be used to sandbox scripts?**
|
||||
|
||||
No, ExecJS shouldn't be used for any security related sandboxing. Since runtimes
|
||||
are automatically detected, each runtime has different sandboxing properties.
|
||||
You shouldn't use `ExecJS.eval` on any inputs you wouldn't feel comfortable Ruby
|
||||
`eval()`ing.
|
||||
|
||||
|
||||
# License
|
||||
|
||||
|
|
Loading…
Reference in a new issue