5

I am trying to isolate user JavaScript code for security. I can do this via Iframe security and message passing.

Is there a JavaScript runtime that can be loaded via webassembly to which i can pass something simple like '5+3' and read the result.

If this was c# etc I could new up and manage a V8 engine and have it execute the javascript and pass back to the host.

maxfridbe
  • 5,872
  • 10
  • 58
  • 80
  • I'm not sure what the overhead would be, but you can always actually use an iframe, pass from C -> Your Javascript -> eval in iframe -> your Javascript -> C. Although the only thing you'll be able to pass that way will be typed arrays or things that can be serialized to/from such, and I'm not sure that there would be any way to actually secure it. – Jared Smith Apr 25 '20 at 12:37

1 Answers1

4

JavaScript engines are typically written in C++ making them an ideal candidate for compiling to WebAssembly using Emscripten. And yes, you could use this for the purposes of isolation - see this excellent blog post from Figma that discusses that specifically:

https://www.figma.com/blog/how-we-built-the-figma-plugin-system/

It also discusses various other useful options such as Realms.

ColinE
  • 68,894
  • 15
  • 164
  • 232
  • 2
    Thank you, this lead me to https://github.com/justjake/quickjs-emscripten which may be the answer, will mark it as answer if it pans out. found older https://github.com/kareniel/duktape-wasm also – maxfridbe Apr 27 '20 at 23:34