Opening Nashorn to the Internet

[Rod Nim]

Our app lets our end users write JavaScript via a web interface (Cloud 9's ACE) and submit that code back to the server to be executed in Nashorn.

Does anyone have any perspective on dealing with either accidental or malicious issues such as tight loops and excessive memory allocation?

var outOfMemory = '';
while (true) {
   outOfMemory += outOfMemory;
}

Basically the question is "how do I safely open Nashorn scripting to anyone", white hat, or black hat?

Thanks for the help!

Rod