Comment by LtdJorge
It's cool. Do you sanitize the untrusted input? As far as I can see, it directly assembles with NASM and runs the binary.
It's cool. Do you sanitize the untrusted input? As far as I can see, it directly assembles with NASM and runs the binary.
Looking at the source code of the code-editor [1], it seems to be embedding https://onecompiler.com via the iframe and delegating code compilation and execution to it. So I guess it's a question to onecompiler, whether they sanitize input or not. :)
[1]: https://github.com/shikaan/shikaan.github.io/blob/main/_incl...
Exactly this.
I have been planning on trying to glue up something with v86[1] as I did in OSle[2] but I did not get to it yet.
In that case, everything would run locally and sandboxes, so you would not have to care.
It might be similar to Matt Godbolt's experience with his "Compiler Explorer". Most of your users are not trying to set fire to the free system, and when somebody does, on purpose or by accident, you focus on being able to reliably recover, not prevent it. So e.g. maybe Clara T Vandal "cleverly" seizes control of a random Compiler Explorer build box, well, that box is no longer marked OK because of her changes, it gets automatically torn down and replaced, no real problem. Did Clara do 0.001¢ of Bitcoin creation without paying for it? Yeah, maybe, and Clara probably cost Matt 0.1 cents for the data centre fees but it's not a big deal.