dukpy
quickjs
dukpy | quickjs | |
---|---|---|
4 | 4 | |
452 | 168 | |
- | - | |
5.7 | 5.2 | |
about 2 months ago | 29 days ago | |
JavaScript | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dukpy
- YouTube-dl has a JavaScript interpreter written in 870 lines of Python
-
Python is in the browser. No idea if this will lead to chaos or harmony...
oh good, maybe we can now use python's javascript interpreter in browsers https://github.com/amol-/dukpy
-
Web Browser Engineering
I was interested to see that this uses the DukPy wrapper around Duktape for the JavaScript interpreter: https://browser.engineering/scripts.html
This made me start digging into whether this was considered a "safe" way of executing untrusted JavaScript in a sandbox.
its not completely clear to me if DukPy currently attempts safe evaluation - it's missing options for setting time or memory limits on executed code for example: https://github.com/amol-/dukpy
There's a QuickJS Python wrapper here which offers those limits: https://github.com/PetterS/quickjs
I'm pretty paranoid though any time it comes to security and dependencies written in C, so I'd love to see a Python wrapper around a JavaScript engine that has safe sandbox execution as a key goal plus an extensive track record to back it up!
-
My friend thought that 1 is a string in Python
I didn't write it, but here you go. Thanks to the fact that you can pass Python arguments to the JavaScript function, it will nicely cast them for you (via JSON) and make them behave per a Javascript object, which can then do some funsies to make it act like a string.
quickjs
-
AWS Introduces a New JavaScript Runtime for Lambda
You can use it as en embedded scripting language within Python.
[1] https://github.com/PetterS/quickjs
- YouTube-dl has a JavaScript interpreter written in 870 lines of Python
-
Why are the upcoming qutebrowser extensions only “inspired” by the WebExtensions API?
You could run the webextention javascript in quickjs.
-
Web Browser Engineering
I was interested to see that this uses the DukPy wrapper around Duktape for the JavaScript interpreter: https://browser.engineering/scripts.html
This made me start digging into whether this was considered a "safe" way of executing untrusted JavaScript in a sandbox.
its not completely clear to me if DukPy currently attempts safe evaluation - it's missing options for setting time or memory limits on executed code for example: https://github.com/amol-/dukpy
There's a QuickJS Python wrapper here which offers those limits: https://github.com/PetterS/quickjs
I'm pretty paranoid though any time it comes to security and dependencies written in C, so I'd love to see a Python wrapper around a JavaScript engine that has safe sandbox execution as a key goal plus an extensive track record to back it up!
What are some alternatives?
jsx-control-statements - Neater If and For for React JSX
PyMiniRacer - PyMiniRacer is a V8 bridge in Python.
prettier - Prettier is an opinionated code formatter.
mini_racer - Minimal embedded v8
libv8-node - Package libv8 from Node
pyodide - Pyodide is a Python distribution for the browser and Node.js based on WebAssembly
InsideReCaptcha - Reverse-engineering the new “captchaless” ReCaptcha system...
vado - A demo web browser engine written in Haskell
awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
binjs-ref - Reference implementation for the JavaScript Binary AST format
pyduktape - Embed the Duktape JS interpreter in Python