Hello all,

I have a project where I need to take 3rd party XQuery expressions and evaluate them in the context of a single xml document. The expressions are untrusted and I want to limit them to read-only and only allow them to access a single xml document being passed in as an external variable.

I read in the XQuery Module docs (http://docs.basex.org/wiki/XQuery_Module) that with the evaluate() command the evaluated query is prevented from opening a new database.

I believe I could run the evaluate() call from a session connected as a read-only user to prevent any update commands. Also, since I only want the evaluated expressions to be able to access a document declared as external, I could, I believe, evaluate() from a session connected to an empty database as well.

However, would the evaluated expressions still be able to execute functions from other BaseX modules like, for example, proc:system()?

I know that in general using eval on untrusted code is a huge risk. Is there any way to create a secure 'sandbox' for evaluating untrusted XQuery expressions?

Any advice would be greatly appreciated.

Thanks,
-Jesse
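The kind of sandboxed call the question is after, as an added example that is not part of the original post and not Jesse's or the BaseX project's own code. It assumes a BaseX release in which xquery:eval takes a third options map with permission, timeout and memory keys (these options are newer than the wiki page linked above, so check the docs for the version you actually run); the $untrusted string and the inventory document are constructed sample input.

```xquery
(: Added example: evaluate a third-party XQuery expression against one document only.
   Assumes a BaseX version whose xquery:eval accepts an options map with
   'permission', 'timeout' and 'memory' keys. :)
declare namespace xquery = "http://basex.org/modules/xquery";

(: Constructed stand-in for the single XML document the expression may read. :)
declare variable $doc := document {
  <inventory>
    <item id="1">widget</item>
    <item id="2">gadget</item>
  </inventory>
};

(: Constructed untrusted expression as it would arrive from the third party.
   It must declare the external variable it is allowed to see. :)
declare variable $untrusted as xs:string :=
  "declare variable $input external; count($input//item)";

xquery:eval(
  $untrusted,
  (: Only the document is bound; nothing else is visible as an external variable. :)
  map { 'input': $doc },
  map {
    (: Lowest permission level: db:open, updates and admin-only functions
       raise a permission error instead of running. :)
    'permission': 'none',
    (: Resource limits so a hostile expression cannot spin or exhaust the JVM. :)
    'timeout': 5,   (: seconds :)
    'memory': 64    (: megabytes :)
  }
)
```

Run this from a session that is itself a low-privilege user and is not connected to any database you care about: the permission option can only lower the effective permission, never raise it, so the sandbox is at most as tight as the session it runs in. Wrap the call in try/catch if you want to turn permission and timeout errors into a clean failure response rather than a raw error message.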