Security risks of using eval() to execute user input in JavaScript

Question

I\'m planning on throwing together a quick web page for my students to teach them about JavaScript programming. On this page, I\'d like to give them a text box and allow the

Answer 1

You could try using a JavaScript sandboxing library. Dean Edward's solution Caja do not restrict code from accessing the current window or document. The JSandbox library fully sandboxes code execution using Web Worker Threads (you won't be able to use the DOM because of this) but it only works in browsers that support them.

JSandbox is asynchronous so you will need to change your code to make use of callbacks if you choose to use it.