[throwaway92394]

> Unfortunately only mobile OSes are on the forefront of this.

I'm not sure why the OS would have to manage this. For example when using electron you can use node's vm and run js in a seperate context. Its a seperate process but doesn't require anything special from the os for it.

mobile OSes do sandbox the entire program usually by default though.

Ubuntu sorta tried to with snapd. Windows tried to with UWP.

[pjmlp]

Because that is why the OSes exist in first place, to provide common services to applications, otherwise we could still code like in the old 16 bit days, a bit like Arduino nowadays.

Windows is still trying, hence why now WinUI 3.0, WinAppSDK and packaged applications.

Likewise Ubuntu hasn't given away snapd, rather doubled down on it.

Yet none of them are as enforceable as iOS and Android are. It isn't only the program that is sandboxed, plugins are also required to be installed as separate packages and communicate over IPC with the host.

[mst]

I think the idea is that the OS has a better chance of keeping the plugin isolated than a VM sandbox.

I'd certainly trust v8's sandboxing over any attempt to do it myself but OS level sandboxing + IPC seems like an even better idea if you're trying to be really sure.