Evaluating JS Safely

I’ve been trying to learn how to create a JS code editor that can run the JS code (much like FCC’s own editors that run the JS code).

I have two questions:

  • How does free code camp protect itself from unsafe / malicious code?
  • How does one implement a JS sandbox from which to safely evaluate code?


FCC didn’t write its own code editor. It uses the Monaco Editor created by Microsoft.

I don’t think they’re asking about the editors specifically, I think they’re asking how one can safely execute user-inputted code, protecting the site as well as the user

I don’t have a great answer for that I think

There is a very early Codepen Radio episode about how they do this… I’ll see if I can dig it up.


1 Like

Thanks @JacksonBates, the link you provided answered my questions!

For others reading this thread … The answer is: Use <iframe /> elements to create sandboxes! The html5rocks article inside the codepen blog explains it thoroughly.

1 Like