如何安全，安全地在浏览器中运行JavaScript？ [英] How to run javascript inside browser safely and securely?

问题描述

我需要 eval（）我页面中的代码，因为我正在研究类似jsFiddle的东西。由于 eval 的声誉如此糟糕，我如何安全可靠地解释用户输入代码？或尽可能安全可靠？

I need to eval() the code inside my page because I am working on something jsFiddle-like. Since eval has such a bad reputation, how can I interpret the user input code safely and securely? Or as safely and securely as possible?

推荐答案

我建议您查看以下资源：

I would suggest you have a look at the following resources:

• https://code.google .com / p / jsreg /


• https ：//www.owasp.org/index.php/OWASP_JavaScript_Sandboxes


• http://www.thespanner.co.uk/2012/10/18/mentaljs-sandboxparser/

• https://code.google.com/p/jsreg/
• https://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes
• http://www.thespanner.co.uk/2012/10/18/mentaljs-sandboxparser/

无论如何，您应该考虑运行来自其他域上的不受信任的用户/来源的代码，而不是您的主要网站/内容所在的代码。

Anyway, you should consider running the code that's coming from untrusted users/sources on another domain than where your main site/content is located.

这篇关于如何安全，安全地在浏览器中运行JavaScript？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！