Sandboxed JS env / repl for free?

For Rust/wasm32 running on Chrome, is there a way to get a 'sandboxed JS env' for free? Something where we can do the following pseudocode:

```rust
let js_env = SandboxedJSEnv::new();
js_env.set(&str, &JsValue);
js_env.get(&str) -> Option<JsValue>;
js_env.eval(&str)
```

where we are using / abusing parts of the browser API to get a V8 JIT-ted REPL/interactive environment 'for free'.

That'd be the ShadowRealm proposal (proposal-shadowrealm/explainer.md at main · tc39/proposal-shadowrealm on GitHub), which is not yet implemented anywhere. You could try boa-dev/boa on GitHub ("Boa is an embeddable and experimental Javascript engine written in Rust. Currently, it has support for some of the language."), which is a JavaScript engine written in Rust. Not sure if it runs in the browser though. Alternatively, there are some sandbox projects for JavaScript. Not sure how secure those are though.


The SpiderMonkey VM, used by Firefox, has been compiled to WebAssembly and uploaded to WAPM. Maybe you can use it to execute JavaScript.

WebWorkers are pretty locked down, right? They can't seem to do much besides postMessage.

I am surprised there isn't something along those lines.

It depends on what you are trying to sandbox. Web workers are completely isolated from their parent page (with the exception of whatever data you send across via postMessage()), but they can still do things like HTTP requests.

Can one provide the necessary API from JavaScript, even by passing messages between WASM and JS? Embedding another JavaScript engine into a Web app seems terribly wasteful.
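
An added example, not part of the original thread: the `set`/`get`/`eval` interface from the question's pseudocode, carried over `postMessage` to a dedicated Web Worker. `handleSandboxMessage` and `spawnSandbox` are hypothetical names. As noted in the thread, code in the worker is isolated from the page but can still make HTTP requests, so this is not a network sandbox.

```javascript
// Added example; handleSandboxMessage and spawnSandbox are hypothetical names.
// Worker side: the worker's own global object is the sandboxed environment.
function handleSandboxMessage(msg) {
  const { id, op, name, code, value } = msg;
  try {
    if (op === "set") { globalThis[name] = value; return { id, ok: true }; }
    if (op === "get") {
      // found:false corresponds to None in the pseudocode's Option<JsValue>
      return { id, ok: true, found: name in globalThis, value: globalThis[name] };
    }
    if (op === "eval") {
      // Indirect eval runs in the worker's global scope, so `var` and
      // function declarations persist between calls, like a REPL.
      return { id, ok: true, value: (0, eval)(code) };
    }
    return { id, ok: false, error: "unknown op: " + op };
  } catch (e) {
    return { id, ok: false, error: String(e) };
  }
}

// Host side (browser only): build the worker from a Blob so no extra file is needed.
function spawnSandbox() {
  const src = handleSandboxMessage.toString() + `
    onmessage = (e) => {
      const reply = handleSandboxMessage(e.data);
      try { postMessage(reply); }          // values must be structured-cloneable
      catch (err) { postMessage({ id: reply.id, ok: false, error: String(err) }); }
    };`;
  const url = URL.createObjectURL(new Blob([src], { type: "text/javascript" }));
  const worker = new Worker(url);
  const pending = new Map();               // request id -> Promise resolver
  let nextId = 0;
  worker.onmessage = (e) => {
    pending.get(e.data.id)?.(e.data);
    pending.delete(e.data.id);
  };
  const call = (msg) => new Promise((resolve) => {
    const id = nextId++;
    pending.set(id, resolve);
    worker.postMessage({ ...msg, id });
  });
  return {
    set: (name, value) => call({ op: "set", name, value }),
    get: (name) => call({ op: "get", name }),
    eval: (code) => call({ op: "eval", code }),
    // An eval that never returns blocks the worker; terminate() is the only way out.
    terminate: () => { worker.terminate(); URL.revokeObjectURL(url); },
  };
}
```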
