Security when accepting arbitrary user inputs?

[tonyxiao]

if jq.node is just javascript, is it vulnerable to user with malicious inputs?