Yongke Bill Yu Yongke Bill Yu - 5 months ago 34
Javascript Question

How to run user code that might be unsafe?

I am writing a program that will interpret and run some user code written in Javascript in C#. How do I go about running with hard limit in running time?


Running user code; EVER; is not safe (see SQL injection, obligatory reference to XKCD). There is no way to make it safe (apart from sandboxing, at which point you aren't running their code on your computer any more). See the 10 immutable laws of security (TechNet)

That said, you could use the overload of Process.WaitForExit that takes an int (MSDN) to "timeout" and kill the process after a time period (10s in the example):

Process myVeryUnsafeProc = new Process();
if (!myVeryUnsafeProc.WaitForExit(10000))

Note that the javascript could have killed your monitoring process and made this whole exercise pointless. Did I mention you just can't do this safely?