From e1c130d02fe9fcb22e7c47dae143b6f2c3392a2f Mon Sep 17 00:00:00 2001
From: Zach Pomerantz <zach@highfidelity.io>
Date: Thu, 12 May 2016 17:48:34 -0700
Subject: [PATCH] Timeout long sandbox scripts

---
 libraries/script-engine/src/ScriptEngine.cpp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/libraries/script-engine/src/ScriptEngine.cpp b/libraries/script-engine/src/ScriptEngine.cpp
index b5077db240..6ed7f7f684 100644
--- a/libraries/script-engine/src/ScriptEngine.cpp
+++ b/libraries/script-engine/src/ScriptEngine.cpp
@@ -1292,8 +1292,23 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
         setParentURL(scriptOrURL);
     }
 
+    const int SANDBOX_TIMEOUT = 0.25 * MSECS_PER_SECOND;
     QScriptEngine sandbox;
-    QScriptValue testConstructor = sandbox.evaluate(program);
+    sandbox.setProcessEventsInterval(SANDBOX_TIMEOUT);
+    QScriptValue testConstructor;
+    {
+        QTimer timeout;
+        timeout.setSingleShot(true);
+        timeout.start(SANDBOX_TIMEOUT);
+        connect(&timeout, &QTimer::timeout, [&sandbox, SANDBOX_TIMEOUT]{
+            auto context = sandbox.currentContext();
+            if (context) {
+                // Guard against infinite loops and non-performant code
+                context->throwError(QString("Timed out (entity constructors are limited to %1ms)").arg(SANDBOX_TIMEOUT));
+            }
+        });
+        testConstructor = sandbox.evaluate(program);
+    }
     if (hadUncaughtExceptions(sandbox, program.fileName())) {
         return;
     }