Security implications of using JavaScript features

SHACL has some advanced features that use JavaScript and allow arbitrary JavaScript code to be executed. I implemented an example constraint component that checks ORCID checksums, the code for which can be found [here](https://github.com/softwarepub/software-card-policies/tree/f5ea6099c1ab8f2c313e930964263fcb21e1fd99/examples/components). We should figure out which measures are taken to sandbox the JavaScript code (pySHACL uses [pyduktape2](https://github.com/phith0n/pyduktape2)) and prohibit code to be loaded from arbitrary places (see [`sh:jsLibraryURL`](https://github.com/softwarepub/software-card-policies/blob/f5ea6099c1ab8f2c313e930964263fcb21e1fd99/examples/components/orcid.ttl#L87)), and what **we** have to take care of when implementing.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security implications of using JavaScript features #15

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security implications of using JavaScript features #15

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions