Y
Hacker News
new
|
ask
|
show
|
jobs
by
nolist_policy
4 days ago
The best isolation is inside a Service Worker, where the script is served with Content-Security-Policy: sandbox header.[1]
[1]
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
1 comments
Lerc
3 days ago
I'm not sure if service workers are particularly amenable to having Developer A provide an interface for User B to run untrusted code made by Developer C, D and E.
link