运行运行时代码的安全方式（XML文件编辑）C＃

Question

I have a CLI application which is able to edit XML files with some parameters.

However I'm needing now a more powerful way to do it.

I want to give users the option to edit XML files using custom code from a .txt for total control over the XML editing.

For example:

@CODE File<file name for XML editing>
<code>
# Custom XML parser/editing code
for elem in tree.iter(tag='location'):
if elem.text == 'J':
    elem.text = 'January'
</code>

Which would be the safest way to do this in .net C#? I mean the user only be able to edit the XML file and not doing anything more that compromises the security of the system (like deleting files)?

I'm thinking of using a Javascript engine ( like this one ) and running javascript code from the file. I believe javascript would limit what the user would be able to do. I also thought in C# code and Python but this ones may introduce the security issues.

Edit: One requirement is that it must work on mono.

Answer 1

I have choose the IronJS .NET runtime with a javascript XML library discussed here (XML for < script> W3C DOM Parser).

I have also looked for other javascript .NET runtimes like: Javascript .NET, Jurassic and Jint (opted for IronJS because the better performance). Plus tested some .NET Lua libraries, namely Kopilua , but opted for the javascript solution because it seemed more complete, more documented and easier to use.