1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: add note that vm module is not a security mechanism

Browse Source 
the text added in this commit should warn users about
wrong idea that vm module can be secure to run unsafe scripts
in sandboxes

PR-URL: https://github.com/nodejs/node/pull/11557
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit is contained in:
Ruslan Bekenev 2017-02-25 23:11:50 +03:00 committed by James M Snell
parent 989713d343
commit 2e74b0da8f
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/api/vm.md
View File

@ -14,6 +14,9 @@ const vm = require('vm');
JavaScript code can be compiled and run immediately or compiled, saved, and run JavaScript code can be compiled and run immediately or compiled, saved, and run
later. later.
*Note*: The vm module is not a security mechanism.
**Do not use it to run untrusted code**.
## Class: vm.Script ## Class: vm.Script
<!-- YAML <!-- YAML
added: v0.3.1 added: v0.3.1