gf3 / sandbox

A nifty JavaScript sandbox for Node.js
ISC License

sandbox can crash the process #49

Open yorickvP opened 8 years ago

yorickvP commented 8 years ago

Best not allow the user to specify message names (wrap them in another message). Messages starting with NODE_ have internal meanings (search the documentation for internalMessage).

Testcase:

const Sandbox = require('sandbox')

// Runs inside the sandboxed child: the object passed to postMessage is
// forwarded to the parent as-is, so a "cmd" starting with NODE_ is treated
// by Node's child_process IPC as an internal message rather than user data.
function runInSandbox() {
    postMessage({
        cmd: "NODE_HANDLE",
        type: "net.Server",
    })
}

// Host side: serialise the function into the sandbox and invoke it.
void function() {
    const s = new Sandbox();
    s.run(`
        ${runInSandbox.toString()};
        runInSandbox();
    `)
}()