0

I have a textarea and it contains the javascript code. I want to execute this code using API and want to send the response after executing.

Like 

var a = 'some text'
var b = 'ather text'
var c = 123;
var d = a + ' ' +b + ' ' + c;
d + '';

In this case I should get the response 

'some text ather text 123'

It is the same as podio calculation field works. I can execute this code using the eval function but due to some security concern I do not want to use eval.

Thank you :)

sachin
  • 108
  • 6
  • 1
    So you want to send the code to a server, let it execute there, and receive the response? That can bring way more security issues than using eval – ariel Apr 14 '20 at 05:35
  • 2
    Check this https://stackoverflow.com/questions/39058482/javascript-eval-and-security – Lahcen YAMOUN Apr 14 '20 at 05:35
  • Yes I want to do that for now. – sachin Apr 14 '20 at 05:35
  • If you insist on doing that, I suggest using something like puppeteer (headless chrome web browser automation) to inject your js on a, online js interpreter and manage to send back the response – Lahcen YAMOUN Apr 14 '20 at 05:38
  • Puppeteer is a novel idea but seems like it'd be super slow. Surely there's an eval API somewhere--vaguely recall TIO (try it online) offers one? Either way, this question has been asked before. – ggorlen Apr 14 '20 at 05:50
  • Does this answer your question? [How to run user-submitted scripts securely in a node.js sandbox?](https://stackoverflow.com/questions/7446729/how-to-run-user-submitted-scripts-securely-in-a-node-js-sandbox) – ggorlen Apr 14 '20 at 06:00

0 Answers0