by 7777fps 2240 days ago
A handler for executing arbitrary code. What could possibly go wrong?
2 comments

We already allow arbitrary code to execute by clicking a link, in the form of JavaScript.

You may argue that JS is sandboxed, but so is DOSBox. At least DOSBox can’t easily connect to remote servers over the internet.

Correct me if I'm wrong, I haven't used DOSBox for a decade, but doesn't it have the ability to access hard drives and mount them?

Given that, it's not much of a sandbox.

Or does that require intervention from the host system rather than auto-mounting home and similar?

I would clearly prefer a web browser with a dosbox to the "real" dosbox when it comes to safety...

Then I agree completely, and must have misunderstood what was proposed by a handler. Typically a handler will launch an external application such as mailto, ftp, magnet, etc.

If we want to run code in browser there is WASM.

So is the proposal that it would be beneficial to have a DOS-like OS or x86 emulator in WASM for running COM files?

Yes, that would be better and more sandboxed than dosbox running outside the browser.

Run the code in an emulator, with the emulator implemented in WASM running in a web browser. That's enough sandboxing to be "reasonably secure".