
What are the security implications of using this library to run user-defined functions in a Django project?

Open tahmidkhan opened this issue 7 years ago • 2 comments

I am making a project which will allow users to define and run simple JavaScript functions using my server. What are the possible security implications for this? I noticed you can print in the local server console using console.log('...'), which obviously raised a few alarm bells.

Also, I read somewhere I can disable pyimport. How do I do this, and will that make it secure? It's best to assume that the code will be coming from untrusted sources.

tahmidkhan, Nov 21 '18 21:11

Not recommended, unless the Python interpreter where js2py runs is sandboxed properly. With pyimport it is trivial to run arbitrary code, as you can simply import os and get access to the shell. You can disable it, but the best solution is to sandbox your Python interpreter.

PiotrDabkowski, Nov 22 '18 00:11

However, the translation itself is rather safe, and on my website http://piter.io/projects/js2py I allow users to translate JS to Python online. The code is not executed, however. The user can copy and execute it on their own machine.

PiotrDabkowski, Nov 22 '18 00:11