fix(core): Block access to JS object constructor and js module in Pyodide (#16957)

packages/nodes-base/nodes/Code/Pyodide.ts

@@ -30,10 +30,10 @@ export async function LoadPyodide(packageCacheDir: string): Promise<PyodideInter
 		await pyodideInstance.runPythonAsync(`
 import os
 
-def blocked_system(*args, **kwargs):
-    raise RuntimeError("os.system is blocked for security reasons.")
+def blocked_function(*args, **kwargs):
+    raise RuntimeError("Blocked for security reasons")
 
-os.system = blocked_system
+os.system = blocked_function
 
 from importlib.abc import MetaPathFinder
 from importlib.machinery import ModuleSpec
@@ -42,6 +42,15 @@ from typing import Sequence, Optional
 
 from _pyodide_core import jsproxy_typedict
 from js import Object
+
+Object.constructor.constructor = blocked_function
+
+import sys
+class blocked_module:
+    def __getattr__(self, name):
+        blocked_function()
+
+sys.modules['js'] = blocked_module()
 `);
 	}