Is it safe to execute third-party code inside workers? We are planning to let our customers execute their JavaScript code on our CF workers. Wondering is there any chance for them to access information not accessible from the outside? KV store is not going to be used.
Can’t generate or execute functions in a worker due to eval being disabled, same with string to function execution. It’s a security feature and a good one.
You have to elaborate that. That approach could expose you to a lot of attack vectors.
1 Like
Inside the worker, we add our service helper functions and the user code that could use our helpers. Please explain more about what attack vectors you are talking about? Thank you.