WorkerBox Demo
source link: https://workerbox.net/
WorkerBox.net
Free and Open Source, on GitHub
A secure sandbox for you to run end user JavaScript safely away from your own application.
- Code is run in its own subdomain of workerbox.net
- Code is run in a WebWorker
The following is a demo of using WorkerBox to create a plugin architecture for a web UI. There are messages on the right, and an action bar that you can add commands to.
It will be impossible for you to affect the DOM of this page without using the deliberately exposed methods on the scope.
Scope
The scope is how you communicate with your user's code.
For this demo, you can't edit the scope, as it's hard coded into the demo app.
User Playground
You can edit the code below and see the results on the right.
How does it work?
An iframe is inserted into the page from a completely separate domain.
The iframe then creates a web worker, and handles posting messages between the iframe, webworker and your own app.
Because the only communication between the user code and the workerbox instance is done through messaging, the argument inputs and outputs must all be JSON serializable.
Caveats
1. Storage
Web workers can't use cookies or localStorage, but even if they could, they would be isolated to the third-party domain that is running the code.
However, there are some ways to store data, for example IndexedDB.
While your unsafe user code cannot access the IndexedDB of your own site, it can use the instance on the server's site.
But remember, anyone can run untrusted user code on the workerbox site. So if your users store data on the workerbox domain, technically anyone can view that data.
Therefore, you should advise your users not to store any data using the web workers API.
Of course, you could provide an abstraction on the `scope` that would safely allow you to store data on your own domain.
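One way to build the storage abstraction mentioned above, as an added example that is not WorkerBox's own code: the host page exposes `setItem`/`getItem` on the scope, namespaced per plugin and limited to values that survive the JSON message boundary. The names `createPluginStore`, `backend` and `maxChars` are hypothetical, and a `Map` stands in for the host page's own storage.

```javascript
// Added example: a host-side store whose methods can be placed on the scope.
// createPluginStore, backend and maxChars are hypothetical names.

// Reject anything that would not survive the JSON-only message boundary.
function toJson(value) {
  const json = JSON.stringify(value); // throws on cycles and BigInt
  if (json === undefined) throw new TypeError('value is not JSON serializable');
  return json;
}

function createPluginStore(pluginId, backend, maxChars = 4096) {
  if (!/^[a-z0-9-]{1,32}$/.test(pluginId)) throw new Error('invalid plugin id');
  const prefix = `plugin:${pluginId}:`;
  const keyFor = (key) => {
    // Keys come from untrusted code: restrict them so they stay inside the prefix.
    if (typeof key !== 'string' || !/^[A-Za-z0-9_.-]{1,64}$/.test(key)) {
      throw new Error('invalid key');
    }
    return prefix + key;
  };
  const used = () => {
    let total = 0;
    for (const [k, v] of backend) if (k.startsWith(prefix)) total += v.length;
    return total;
  };
  return {
    setItem(key, value) {
      const fullKey = keyFor(key);
      const json = toJson(value);
      const previous = backend.has(fullKey) ? backend.get(fullKey).length : 0;
      // Per-plugin quota, counted in characters of stored JSON.
      if (used() - previous + json.length > maxChars) throw new Error('quota exceeded');
      backend.set(fullKey, json);
      return true;
    },
    getItem(key) {
      const fullKey = keyFor(key);
      return backend.has(fullKey) ? JSON.parse(backend.get(fullKey)) : null;
    },
  };
}

// Constructed usage: two plugins share one backend but cannot read each other's keys.
const backend = new Map();
const pluginA = createPluginStore('plugin-a', backend);
const pluginB = createPluginStore('plugin-b', backend);
pluginA.setItem('notes', { text: 'hello' });
```

Each plugin's code would receive only its own store's methods on its scope, so the data lives on your domain and never in the shared workerbox origin.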