The AskVM on the target server takes care of it.
It has defined resources and time for timeout (eg. when there is a infinite loop)
Is AskQL injection proof? https://en.wikipedia.org/wiki/SQL_injection
Why wouldn't you just use Javascript with a couple of libraries?**
JavaScript's eval( <javascript> ) is terrible at ensuring security. One can execute there any code on any resources available in Javascript. Moreover there is no control over time of execution or stack size limit.
On contrary, Ask's ask { <askscript> } runs by default on a secure, sandboxed AskVM, which has a separate execution context. We have built in control mechanisms that only allow using external resources you configured. Ask programs are also run with the limits on execution time and stack size restrictions you define.
As for Javascript libraries, one can plug in their favorite JS libraries as resources in AskVM.
AskQL. The complete query solution.
https://notion-ga.ohwhos.now.sh/collect?tid=UA-147529689-3&host=hostnotion.co&page=/FAQ-554ab8a775494057a0fdbedf7ad6f2d6