forked from svaarala/duktape
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsandboxing.html
More file actions
20 lines (17 loc) · 793 Bytes
/
sandboxing.html
File metadata and controls
20 lines (17 loc) · 793 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<h1 id="sandboxing">Sandboxing</h1>
<p>Sandboxed environments allow execution of untrusted code with two broad
goals in mind:</p>
<ul>
<li>Security: prevent untrusted code from doing unsafe operations such as
accessing memory directly, causing segfaults, etc.</li>
<li>Availability: prevent untrusted code from hogging resources, e.g.
consuming all available memory or entering an infinite loop.</li>
</ul>
<p>Duktape provides mechanisms to achieve these goals for untrusted ECMAScript
code. All C code is expected to be trusted.
See
<a href="https://github.com/svaarala/duktape/blob/master/doc/sandboxing.rst">sandboxing.rst</a>
for a detailed discussion of how to implement sandboxing.</p>
<div class="note">
Sandboxing support in Duktape 2.x is still a work in progress.
</div>