I writing a webscaping api in Node.js, It simple structure takes in a website url, page iteration function, and Element Source Selector. The page iteration function is ofcourse Javascript. So I was wonder if there is a safe way to execute their code. Doing a blind eval() on there javascript posted back seems dangerous.
Perhaps, Is there a good framework that exists for only exposing certain functions?
Or a way to make sure they don't have access to any of the global variables?
I apologize if this question doesn't seem as direct but I'm just looking for an efficient way to start things without having extreme security flaws. If this is not possible let me know.
Thanks
What you look is a JavaScript sandboxing library, one of the solutions is Jailed library created by myself.