Restricted Eval

Kris Zyp kriszyp at
Wed Nov 14 22:11:30 PST 2007

> On Nov 1, 2007 3:46 PM, Kris Zyp <kriszyp at> wrote:
>> >> It's a sandbox, right? Should be safe. Not so fast:
>> > last they gave up.  rexec was removed from the language.

With the complexity of creating and verifying a sandboxing eval that allows
shared mutable objects with some degree of safety, is it conceivable that
ES4 could alternately pursue sandboxed eval through a shared nothing
construct? I remember that Brendan mentioned that the Google Gears approach is a
good model, but that it would be premature to standardize. I agree
standardizing on the actual Gears API would be strange, however, wouldn't
taking a shared nothing approach to sandboxing (using messaging) like Gears
(but with our own API) be a safer and easier to analyze approach to
sandboxing and more reasonable in terms of time constraints for inclusion in
ES4 than the scopable eval? Shared nothing techniques are hardly a new PL
concept, albeit I am sure it is still not a trivial addition.
Just thinking about what it could look like:

    mySandbox = new Environment(myScriptToSandbox);
    onmessage=function(message : string) {...}

And of course, it seems hard to resist the temptation to entertain the hope 
that this could be a possible API for adventurous implementors to use for a 
concurrency construct (use the same API for ConcurrentEnvironment), which 
could advise ES5's work on concurrency.
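
Added example (not part of the original message or of any ES4 proposal): the shared-nothing shape sketched above, with the guest script in its own global environment and only strings crossing in either direction. The Environment class, its send method and the guest script are hypothetical, and Node's vm module stands in for the separate environment; vm is documented as not being a security mechanism, so this shows the messaging discipline, not a hardened sandbox.

```javascript
// Hypothetical Environment modelled on the sketch in the message above.
const vm = require('node:vm');

class Environment {
  constructor(script) {
    // A null-prototype context object keeps host prototypes out of the
    // guest's global; the guest gets its own Object, Array, Function, ...
    this.context = vm.createContext(Object.create(null));
    vm.runInContext(script, this.context, { timeout: 100 });
  }

  // Deliver one string to the guest's onmessage and return its string reply.
  send(message) {
    if (typeof message !== 'string') {
      throw new TypeError('messages must be strings');
    }
    // The message crosses as the source text of a string literal,
    // never as a reference to a host object.
    const call = `onmessage(${JSON.stringify(message)})`;
    let reply;
    try {
      reply = vm.runInContext(call, this.context, { timeout: 100 });
    } catch (e) {
      // Drop the guest-realm error object instead of handing it to the host.
      throw new Error('guest failed');
    }
    // Only a primitive string may come back; an object would be shared state.
    if (typeof reply !== 'string') {
      throw new TypeError('guest replied with a non-string');
    }
    return reply;
  }
}

// Constructed guest script: it mutates Object.prototype, which in a
// shared-object sandbox would be visible to the host.
const GUEST = `
  Object.prototype.polluted = 'yes';
  function onmessage(m) { return m.toUpperCase() + ':' + ({}).polluted; }
`;

function demo() {
  const env = new Environment(GUEST);
  const reply = env.send('ping');
  // The host's Object.prototype is a different object and stays clean.
  return { reply, hostPolluted: 'polluted' in {} };
}
```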
