0

I'm writing a simple crawler with node.js, which searches for web pages and conditionally executes any JavaScript present.

The problem is that in doing so, I execute code form untrusted sources in my node.js environment. Can running untrusted code on node.js in such a way be dangerous (i.e. when encountering malicious scripts), and, if so, how do I act on this?

Code is executed by jsdom

Trashbin2019np
  • 1
  • 2
  • 1
    it will depend on how you code your crawler. You are basically asking, "what could a malicious site do to my custom client that I have not finished yet?" And that's a little like asking "how long is a piece of string?" – schroeder Aug 08 '22 at 15:03
  • The question is too broad. You are asking how to code your project securely. There are entire libraries of tips. Please look up OWASP as a start . – schroeder Aug 08 '22 at 15:13
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/138511/discussion-on-question-by-trashbinnp2019-threats-that-javascript-poses-to-a-web). – schroeder Aug 14 '22 at 11:02

0 Answers0