Menu
I was wondering if a web worker would be a secure way to sandbox untrusted javascript code. Let's say for example in the context of a drawing application where developers can implement new drawing tools, you could put their code inside a webworker, and any time the user clicks on the canvas, send them a JSON message containing the cursor position, and an array of image data, and when the script is done, it passes a message back containing the new image data.
Would this be secure, or are there risks I'm not thinking of?
315
Opt-in sandbox features and same-origin Iframe accessWeb Workers are unconditionally sandboxed from their execution context meaning they are strictly unable to access anything from the host.
The implementation of web workers ensures safe, conflict-free execution in two ways: A distinct, isolated global environment for the worker thread, separate from the browser environment. Pass-by-copy exchange of data between main and worker threads in the postMessage() call.
Sandboxed JavaScript is a simplified subset of the JavaScript language that provides a safe way to execute arbitrary JavaScript logic from Google Tag Manager's custom templates. To provide a safe execution environment, some features of JavaScript are restricted or removed.
It is not possible to build a secure sandbox or run untrusted code using the vm module in any capacity, full stop.
DOM is not available to the Web-workers, but it is possible to access same-origin stuff, like indexedDB. See my related question on this:
Can workers be secure enough for an untrusted code
The secure way is to use sandbox attribute of the iframe:
http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
Also take a look at my library which simplifies the process and provides the convenient connection with the sandbox (function export instead of messaging):
https://github.com/asvd/jailed
158
The problem with that is if the developers expect DOM access. Web Workers aren't allowed to handle DOM, unless the entire code is for data only.
I suggest you sandbox the entire app from the main domain, similar to how JSFiddle runs everything in iframes. That way, all potentially hazardous code can only work in that frame while all other things, like logins, are handled outside the frame, in the main domain away from the potentially dangerous code.
Best of all, just include safe code. Review the code before merging it in your main app.
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
