phpv8 / v8js

V8 Javascript Engine for PHP — This PHP extension embeds the Google V8 Javascript Engine
http://pecl.php.net/package/v8js
MIT License

Short Security Question #85

Closed digipigeon closed 10 years ago

digipigeon commented 10 years ago

I am looking at your v8 engine for PHP and it looks very promising, however I am not able to find any more details about your quote:

“The extension allows you to execute Javascript code in a secure sandbox from PHP. The executed code can be restricted using a time limit and/or memory limit. This provides the possibility to execute untrusted code with confidence.”

I am mainly interested in how secure this environment is. For example, is it possible for the JS to include external libraries which in turn may be able to access the disk or the network? How safe would I be to expose a scripting interface in my control panel, and what are the worst types of scripts that can be run from this? Are there any other methods of controlling the security level?

Regards, Jonathan

cscott commented 10 years ago

v8js exposes very little by default. There is no native JavaScript file or network support. All the functionality you want to expose to JavaScript you provide through a PHP interface you provide.
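
The approach discussed in this thread, as an added example that is not code from either commenter or from the v8js project: an untrusted script runs with a time limit and a memory limit, and the only PHP functionality it can reach is one small object. The `PanelApi` class, the `host` object name, the sample settings, and the limit values are assumptions made for illustration.

```php
<?php
// Added example. PanelApi, runUntrusted and the "host" name are hypothetical.
final class PanelApi
{
    /** @var array<string,string> constructed sample data */
    private array $settings = ['theme' => 'dark', 'lang' => 'en'];

    // Public methods of an exposed object are callable from JavaScript,
    // so keep the surface small and treat every argument as untrusted.
    public function getSetting($key): ?string
    {
        if (!is_string($key) || !array_key_exists($key, $this->settings)) {
            return null;
        }
        return $this->settings[$key];
    }
}

function runUntrusted(string $script): array
{
    // Fresh engine per script so state does not leak between runs.
    $v8 = new V8Js('host');      // bridge object is visible in JS as `host`
    $v8->api = new PanelApi();   // the only PHP functionality handed to the script

    try {
        $result = $v8->executeString(
            $script,
            'user-script.js',
            V8Js::FLAG_NONE,
            200,                 // time limit in milliseconds
            16 * 1024 * 1024     // memory limit in bytes
        );
        return ['ok' => true, 'result' => $result];
    } catch (V8JsTimeLimitException $e) {
        return ['ok' => false, 'error' => 'time limit exceeded'];
    } catch (V8JsMemoryLimitException $e) {
        return ['ok' => false, 'error' => 'memory limit exceeded'];
    } catch (V8JsScriptException $e) {
        return ['ok' => false, 'error' => 'script error: ' . $e->getMessage()];
    }
}

// Constructed sample scripts: one allowed call, one runaway loop.
var_dump(runUntrusted('host.api.getSetting("theme")'));
var_dump(runUntrusted('for (;;) {}'));
```

Anything assigned to the `V8Js` instance becomes part of the script's attack surface, so each exposed method needs the same input validation as a public HTTP endpoint.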