Are web workers a secure way to sandbox untrusted javascript code

前端 未结 2 628
Happy的楠姐
Happy的楠姐 2021-02-08 12:52

I was wondering if a web worker would be a secure way to sandbox untrusted javascript code. Let\'s say for example in the context of a drawing application where developers can i

2条回答
  •  鱼传尺愫
    2021-02-08 13:01

    The problem with that is if the developers expect DOM access. Web Workers aren't allowed to handle DOM, unless the entire code is for data only.

    I suggest you sandbox the entire app from the main domain, similar to how JSFiddle runs everything in iframes. That way, all potentially hazardous code can only work in that frame while all other things, like logins, are handled outside the frame, in the main domain away from the potentially dangerous code.

    Best of all, just include safe code. Review the code before merging it in your main app.

提交回复
热议问题