Sandboxed Snap with JS enabled

programmer_user · September 16, 2021, 4:18pm

Not sure whether or not this is the right category, but this is a sandboxed version of Snap! that supports JS without enabling "Javascript extensions." Of course it can't access the cloud because it's blocked by CORS, which means that it's sandboxed from your Snap! account. It isn't foolproof though because it can still do evil things with JS. It sets Process.prototype.enableJS
https://js-snap.programmeruser.repl.co/snap.html

joecooldoo · September 16, 2021, 4:35pm

This should probably be in #advanced-topics:extensions

dardoro · September 16, 2021, 5:16pm

If you logout you will be "sandboxed" as well
And JS enabled with one line user script.

programmer_user · September 16, 2021, 5:49pm

Some people might want their accounts to stay logged in.

joecooldoo · September 16, 2021, 6:24pm

I have a question: how is this sandboxed?

dardoro · September 16, 2021, 6:42pm

Because accessing the cloud (retrieve/save projects) is impossible. And logging also.
programmeruser.repl.co is untrusted by Snap! backend, so requests from this pages will be denied.

earthrulerr · September 17, 2021, 12:21am

Cant you make a way to block certain JS functions? @bh you could use this too, blocking some functions.

warped_wart_wars · September 17, 2021, 12:31am

Probably very hard. So, likely no. Plus, put alert("Hello, world!"); into this.

programmer_user · September 18, 2021, 5:22pm

And how would I do that?

earthrulerr · September 18, 2021, 9:05pm

I do not know:)

cycomachead · September 19, 2021, 12:32am

How does the Sandboxing work, or is it just relying on CORS?

Are there any other modifications you’ve made?

programmer_user · September 21, 2021, 9:28pm

Just CORS. The title is a bit misleading but I don't know of a better way to put it