Untrusted/User-provided scripts?


From looking around here, specifically the thread on script cancellation, I’m under the impression there’s no real way to use Chaiscript in an untrusted environment. Is that true?

I mean, it seems I can sandbox capabilities fine-- start out without a standard library, then add safe things in one at a time (and making sure they don’t block).

But is there any way to limit how much memory a chaiscript uses, or how long it runs (say for X instructions then throw an error)? You know, like while(1) {}.

I was going to go the route of treating lua like a viper and embedding it very carefully, but chia’s modern C++ integration is very attractive.


You are correct that there is currently no way to limit runtime or memory usage of a script. I’m currently in the midst of a large cleanup to try and simplify the project as much as possible before I start adding things like that, but I do expect to add some of those capabilities soon.