[couchand]

That's cool, but... code or it didn't happen. Are you running an APL interpreter client-side or shuttling the code and data back to the server? If it's the latter, are you sandboxing in some way the arbitrary code being executed?

[RBerenguel]

Yes, that's the thing. At the current point it is usable (barely) as an APL/javascript REPL, but there are several corners that are very rough, not counting unhandled data structures and such. Every time I have some spare time with some clear mind I work a little on it, so it's not stalled, but has been going for quite a few months already without much improvement.

As for your question, data goes back to the "server" (there's go code interacting with the APL interpreter and sanitising inputs and outputs, converting to JSON, etc) but this is expected to be used as a local service (using a port not listening to the outside world), so no, no arbitrary code execution failsafes (if I were to deploy it in some real, server-ed way I'd isolate interpreters via sessions in the go 'middle' layer).