An Icebox is better than a bad sandbox

[ricochet1k]

Since it is difficult to sandbox JS, this is a different approach. It is possible and easy to get access to the prototypes of the outside world's primitive objects, but that alone is not dangerous. It becomes dangerous when the host's prototypes are modified. So lets create an icebox by freezing the host's objects and prototypes.

Unfortunately, Object.freeze blocks child objects from overriding properties, so this is a customized version of Object.freeze that allows children to overwrite properties. The effects on the frozen object are identical.

The security violation checking code has been removed since it was checking property descriptors, and it is now impossible to violate.

While this doesn't guarantee that user code can't escape, it does dramatically reduce the amount of code that can be exploited.

[artch]

This is quite interesting! However, it's a major refactor and it will take some time to get it properly tested. And actually right now we're working on a total re-design of the entire runtime engine based on isolated-vm (see here), so I cannot guarantee this PR will ever make it to production.