[avinassh]

> For safety, the script does not provide any API that harms your environment.

how do you ensure safety? Can the scripts make network or IO calls?

Also, how do you actually run the scripts? in some isolated docker container / VM?

[vanishs]

The script is running in the VM on the api service and does not provide any IO functions.

Just like the functions provided by the playground page, users can fill in any code, so I must ensure that it cannot write functions that can harm the server.

However, someone wants to connect to sql, mongodb, local files, http, etc. Even if it is the same http request function, everyone's needs may be different, so the Go plugin function mentioned above allows users to develop the functions they want. In this way, someone will make a more useful mysql plug-in, someone will make a mongodb plug-in, and so on. If you can't find the function you want, you can also develop one yourself.

[avinassh]

> The script is running in the VM on the api service and does not provide any IO functions.

Thank you for answering! but I am still not sure how can you prevent someone importing io lib in go or js and writing to a file.

> Just like the functions provided by the playground page, users can fill in any code, so I must ensure that it cannot write functions that can harm the server.

can you tell me more on how are you ensuring this?

[vanishs]

python, Lua and JS These functions are implemented by these packages:

github.com/dop251/goja

github.com/yuin/gopher-lua

go.starlark.net

Go scripts (programs) are not subject to any restrictions. So there is no Go script support in the playground(debug)

[avinassh]

Thank you so much! This explains how they are run. I will explore these repositories.

[vanishs]

thank you for discussing with me