[HN Gopher] Reviving PyMiniRacer: A Python <> JavaScript Bridge
___________________________________________________________________
Reviving PyMiniRacer: A Python <> JavaScript Bridge
Author : jbaviat
Score : 24 points
Date : 2024-03-19 12:04 UTC (4 days ago)
(HTM) web link (bpcreech.com)
(TXT) w3m dump (bpcreech.com)
| punnerud wrote:
| All the JSON that works with JavaScript, but not on Python.
| Finally a good solution?
| simonw wrote:
| This looks very promising!
|
| The problem I most want to solve with this kind of library is
| execution of untrusted user-provided code in a sandbox.
|
| For that I need three things:
|
| 1. Total control over what APIs the user's code can call. I don't
| want their code being able to access the filesystem, or run
| subprocesses, or make network calls - not without me explicitly
| allowing a controlled subset of those things.
|
| 2. Memory limits. I need to be able to run code without fear that
| it will attempt to allocate all available memory on my computer -
| generally that means I want to be able to set e.g. a 128MB
| maximum on the amount it can use.
|
| 3. Time limits. I don't want someone to be able to paste "while
| true() {}" into my system and consume an entire CPU thread in an
| infinite loop. Usually I want to say something like "run this
| untrusted code and throw an error if it takes more than 1s to
| run".
|
| My most recent favourite solution to this is the
| https://pypi.org/project/quickjs/ Python library wrapper around
| QuickJS, which offers those exact features that I want - memory
| limits, control over what the code can do, and a robust time
| limit.
|
| (The one thing it's missing is good documentation, but the
| https://github.com/PetterS/quickjs/blob/master/test_quickjs....
| test suite covers all of those features and is quite readable.)
|
| Can PyMiniRacer handle those requirements as well?
| nickpsecurity wrote:
| On a related note, Brython lets you run Python in the browser
| through JavaScript. You can even see Python in the HTML with
| "text/python" SCRIPT tags.
|
| https://brython.info/
| rossant wrote:
| There's also https://pyodide.org/en/stable/
___________________________________________________________________
(page generated 2024-03-23 23:00 UTC)