Backend side eval js code? Puppeteer or not puppeteer?

Step 1: Valid request http to server
Step 2: Extracting HTML

That is OK??
I think NO!

When content (content you want to get) gen by javascript in client side (browser). You need eval JS code on backend side => content => save if you want. How?


HTML receive:

    <script src="/test.js"></script>
        document.body.innerHTML = '<a href="/post3">Link here</a>';

Node module safe-eval "safe-eval(You need to understand before using)

Eval in backend side:
var cheerio= require('cheerio');

var content= `<body>
<script src="/test.js"></script>
    document.body.innerHTML = '<a href="/post3">Link here</a>';
var $= cheerio.load(content);
var scriptMe= '(function(){})();'+ $('script:not([src])').eq(0).html();

var safeEval = require('safe-eval');

var context = {
    document: {
        body: {
            innerHTML: ''

safeEval(scriptMe, context);

You can see prefix js code: '(function(){})();'
I have run many times and think this is a good way when eval js code.

Why safe-eval, not eval?

What do you think if you eval "process.exit();" ??

Even: safe-eval 0.3.0 and below are affected by a sandbox breakout vulnerability - NSP 337, CVE-2017-16088.

(when you safe-eval "this.constructor.constructor('return process')().exit()");

Continue. Please wait next !!!