I’m working on a project where players can place graphical objects on a website and animate them with scripts. As the scripts are going to be shared to all participating clients, the scripting environment must be sandboxed, so that users can’t ultimately destroy other users experience for all parts of the page.
It is crucial that the scripts can access shared visual content. Therefore I can’t isolate them in iframes entirely – besides that I’m wondering if there’s a smoother approach to separate contexts.
I have been dabbling with a native version, where I used separate contexts using the V8 javascript engine, but now I want to bring this to the browser – even if it’s just Google Chrome only.
Got any ideas?
Sandboxing JavaScript is inherently difficult, chances are that the script will manage to break out no matter how hard you try. A better course of action might be loading the scripts into an
iframewithout direct access to the main frame and allowing it to communicate with the main frame viawindow.postMessage(). You could then define an API that the frame is allowed to use this way without being given too much power.Edit: Same thing is possible with Web Workers as noted in Is It Possible to Sandbox JavaScript Running In the Browser?, browser support for web workers isn’t quite as widespread as for
window.postMessage()however (compare http://caniuse.com/#search=postMessage and http://caniuse.com/#search=workers).