WorkerBox.net

Free and Open Source, on Github

A secure sandbox for you to run end user JavaScript safely away from your own application.

Code is run in it's own subdomain of workerbox.net
Code is run in a WebWorker

Demo

The following is a demo of using WorkerBox to create a plugin architecture for a web UI. There are messages on the right, and an action bar that you can add commands to.

It will be impossible for you to effect the DOM of this page, without using the deliberately exposed methods on the scope.

Scope

The scope is how you communicate with your users code.

For this demo, you can't edit the scope, as it's hard coded into the demo app.

User Playground

You can edit the code below and see the results on the right.

Result

Toolbar

Messages

Message one

Return:

Running

How does it work?

An iframe is inserted into the page from a completely separate domain.

The iframe then creates a web worker, and handles posting messages between the iframe, webworker and your own app.

Because the only communication between the user code and the workerbox instead is done through messaging, the argument inputs and outputs must all be serializable. We use SuperJSON for serialization and deserialization.