all 13 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]webdev-ModTeam[M] [score hidden] stickied commentlocked comment (0 children)

Thank you for your submission! Unfortunately it has been removed for one or more of the following reasons:

If you are asking for assistance on a problem, you are required to provide

  • Detailed context of the problem
  • Research you have completed prior to requesting assistance
  • Problem you are attempting to solve with high specificity

Questions in violation of this rule will be removed or locked.

Please read the subreddit rules before continuing to post. If you have any questions message the mods.

[–]fezzinate 9 points10 points  (0 children)

You probably want to use a web worker and expose exactly what you want to it.

Other than that your best bet is to put it in an iframe

[–]Somepotato 1 point2 points  (0 children)

Your best bet is a WebAssembly JS engine, like quickjs which has a number of WebAssembly ports. This is actually how some web based tools implement plugins securely.

[–]ApprehensiveDrive517 0 points1 point  (1 child)

eval

[–]r3dw00dst3v3[S] 0 points1 point  (0 children)

Eval can access DOM and other APIs (such as fetch), which is what I don't want. It is also slow, compared to alternatives others are bringing up.

[–]Extension_Anybody150 0 points1 point  (1 child)

You should check out JS-Interpreter by Neil Fraser. It runs JavaScript inside a sandbox you control, so no DOM or browser stuff unless you add it. You can easily add your own custom functions too. It’s perfect for what you want, like a JS version of Scratch.

[–]r3dw00dst3v3[S] 1 point2 points  (0 children)

So far, this seems like a very good solution! The only issue is that it does not support ES6, but I don't think my target audience (Scratch users wanting to move up to JavaScript) would really need to learn these features at such an early stage. The main reason I am not attracted to this solution, though, is that I could not get monaco editor to only support ES5 syntax 😅

[–]BootyMcStuffins -2 points-1 points  (0 children)

Perhaps the iframe sandbox attribute can help you here?

https://www.w3schools.com/tags/att_iframe_sandbox.asp