Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- const express = require('express');
- const bodyParser = require('body-parser');
- const vm = require('vm');
- const app = express();
- const port = 3000;
- app.use(bodyParser.text({type: 'bloody-insane/javascript'}));
- app.post('/unsafe', (req, res) => {
- return new Promise((resolve, reject) => {
- const sandbox = { req:req, res:res, resolve:resolve, reject:reject };
- vm.createContext(sandbox);
- vm.runInContext(req.body+'; resolve();', sandbox);
- });
- });
- app.listen(port, () => console.log(`Example app listening on port ${port}!`));
Add Comment
Please, Sign In to add comment