Passing untrusted inputs to a JavaScript interpreter like `Js2Py` can lead to arbitrary code execution.

This vulnerability can be prevented by ensuring that untrusted user input never flows to an `eval_js` call. Alternatively, the impact of this vulnerability can be significantly reduced by disabling imports from the interpreted code (note that in a comment the author of the library highlights that Js2Py is still insecure with this option).

In the example below, the JavaScript code being evaluated is controlled by the user and hence leads to arbitrary code execution.

This can be fixed by disabling imports before evaluating the user-supplied buffer.
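
The following is an added example, not code from the original page or from the Js2Py project. It shows the vulnerable call, the import-disabled variant, and an allowlist that keeps user input out of `eval_js` altogether. `ALLOWED_SCRIPTS`, the function names and the `compile_js` hook are assumptions made for illustration.

```python
# Constructed allowlist: every script Js2Py may run is written by the developer.
ALLOWED_SCRIPTS = {
    "area": "function area(w, h) { return w * h }",
    "clamp": "function clamp(x, hi) { return x > hi ? hi : x }",
}


def _load_js2py():
    # Imported lazily so this module loads even where Js2Py is not installed.
    import js2py
    return js2py


def evaluate_unsafe(user_js):
    """Vulnerable pattern: the untrusted request value is the program itself."""
    return _load_js2py().eval_js(user_js)


def evaluate_imports_disabled(user_js):
    """Reduced impact: imports from interpreted code are off, but the user
    still chooses the code, and the library author says this stays insecure."""
    js2py = _load_js2py()
    js2py.disable_pyimport()
    return js2py.eval_js(user_js)


def evaluate_allowlisted(script_name, args, compile_js=None):
    """Prevention: the user supplies only a script name and numeric arguments.

    compile_js is a hypothetical hook (used for testing); by default it is
    js2py.eval_js with imports disabled as defence in depth.
    """
    if script_name not in ALLOWED_SCRIPTS:
        raise ValueError("unknown script name")
    # Exact type check rejects strings, bools and objects before they reach JS.
    if not all(type(a) in (int, float) for a in args):
        raise ValueError("arguments must be numbers")
    if compile_js is None:
        js2py = _load_js2py()
        js2py.disable_pyimport()
        compile_js = js2py.eval_js
    # Only developer-written source is ever handed to the interpreter.
    func = compile_js(ALLOWED_SCRIPTS[script_name])
    return func(*args)
```

Only `evaluate_allowlisted` removes the data flow from the request to `eval_js`; the other two functions are shown for comparison.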