Are web workers a secure way to sandbox untrusted javascript code

Question

I was wondering if a web worker would be a secure way to sandbox untrusted javascript code. Let\'s say for example in the context of a drawing application where developers can i

Answer 1

DOM is not available to the Web-workers, but it is possible to access same-origin stuff, like indexedDB. See my related question on this:

Can workers be secure enough for an untrusted code

The secure way is to use sandbox attribute of the iframe:

http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/

Also take a look at my library which simplifies the process and provides the convenient connection with the sandbox (function export instead of messaging):

https://github.com/asvd/jailed