I'm building a web platform, similar to CodePen, but it will focus solely on JavaScript and allow me to create my own APIs without any DOM interactions. Think of it as a JavaScript version of Scratch. However, I'm stuck on how to execute the JavaScript code safely while blocking access to browser-specific features like fetch and the DOM. Any suggestions on how I can achieve this?
4 Answers
You really should search for "javascript interpreter in javascript" before asking here. There are numerous projects out there that could meet your needs!
Don’t be too hard on them! We all start somewhere, and sharing info is what forums are for.
Have you considered using the `sandbox` attribute on an iframe? It could offer a way to run your JavaScript in a restricted context.
A solid option would be to use a WebAssembly JS engine like QuickJS. It's supported by various WebAssembly ports and can securely run JavaScript code, making it great for what you are aiming for.
You might want to look into using a web worker and define exactly which APIs you want to expose. This way, you can control what the JavaScript has access to while keeping it isolated from the main browser context.
I appreciate the tip! I did some searching, and it looks like there are some interesting options out there.