如何安全,安全地在浏览器中运行JavaScript? [英] How to run javascript inside browser safely and securely?
本文介绍了如何安全,安全地在浏览器中运行JavaScript?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要 eval()
我页面中的代码,因为我正在研究类似jsFiddle的东西。由于 eval
的声誉如此糟糕,我如何安全可靠地解释用户输入代码?或尽可能安全可靠?
I need to eval()
the code inside my page because I am working on something jsFiddle-like. Since eval
has such a bad reputation, how can I interpret the user input code safely and securely? Or as safely and securely as possible?
推荐答案
我建议您查看以下资源:
I would suggest you have a look at the following resources:
- https://code.google .com / p / jsreg /
- https ://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes
- http://www.thespanner.co.uk/2012/10/18/mentaljs-sandboxparser/
- https://code.google.com/p/jsreg/
- https://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes
- http://www.thespanner.co.uk/2012/10/18/mentaljs-sandboxparser/
无论如何,您应该考虑运行来自其他域上的不受信任的用户/来源的代码,而不是您的主要网站/内容所在的代码。
Anyway, you should consider running the code that's coming from untrusted users/sources on another domain than where your main site/content is located.
这篇关于如何安全,安全地在浏览器中运行JavaScript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文