proposal-compartments
jailed
proposal-compartments | jailed | |
---|---|---|
1 | 2 | |
111 | 994 | |
0.0% | - | |
10.0 | 0.0 | |
over 1 year ago | about 4 years ago | |
HTML | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
proposal-compartments
-
Show HN: Run unsafe user generated JavaScript in the browser
There's a related proposal for Compartments and Module constructor is a prerequisite to that. A shim for the entire thing exists, with lockdown and Compartments isolating code:
https://github.com/endojs/endo/tree/master/packages/ses
https://github.com/tc39/proposal-compartments/
It has usage already, eg. metamask snaps
jailed
-
Show HN: Run unsafe user generated JavaScript in the browser
What advantages does workerbox have over existing solutions like jailed [1]?
[1] https://github.com/asvd/jailed
-
Sandboxed language/interpreter to embed in browser to run untrusted code
So far I'm thinking using a iframe/worker sandbox might be acceptable, this library comes to mind. However it also seems to have some security issues that I'd need to watch for. I'm not 100% sure but I believe I could avoid a lot of issues by using either jailed or doing my own iframe worker sandbox, and serving the user scripts from another domain. This seems to be similar to what platforms like jsfiddle and the like do. However this sounds rather irritating to deal with.
What are some alternatives?
workerbox - A secure sandbox to execute untrusted user JavaScript, in a web browser, without any risk to your own domain/site/page.
determine-basal-native
json-editor - JSON Schema Based Editor
Pentive - Collaborative Spaced Repetition
vm2-process - Execute unsafe javascript code in a sandbox
proposal-shadowrealm - ECMAScript Proposal, specs, and reference implementation for Realms
quickjs-emscripten - Safely execute untrusted Javascript in your Javascript, and execute synchronous code that uses async functions
caja - Caja is a tool for safely embedding third party HTML, CSS and JavaScript in your website.