Open XadillaX opened 2 years ago
This would need to be defined a whole lot more before we can progress. Node.js' vm module is absolutely not a sandbox.
For most situations, something like vm is enough. It's a bit safer than eval.
Since Winter is a non-browser runtime spec, I think this ability is necessary.
This can fall into the coverage of ShadowRealm and its Web integration.
Node's vm is useful in building sandbox-like environments, as Node exposes many sensitive and powerful APIs by default. This is not necessarily the case for the common minimum APIs we're discussing here. So far, looks like we may put things like file or system env access out of the scope, so the first question is: what would be the purpose of such a sandbox?
Currently, there's not enough common API surface here shared across multiple runtimes to justify adding anything to the common API surface. This could make sense as a separate workstream but doesn't make sense for the minimum common API doc at this time.
I think sandbox-related APIs are needed in some SSR situations. Just something like Node.js' vm.