Sandboxed Snap with JS enabled

Not sure whether or not this is the right category, but this is a sandboxed version of Snap! that supports JS without enabling "Javascript extensions." Of course it can't access the cloud because it's blocked by CORS, which means that it's sandboxed from your Snap! account. It isn't foolproof though because it can still do evil things with JS. It sets Process.prototype.enableJS

This should probably be in #advanced-topics:extensions

If you logout you will be "sandboxed" as well :wink:
And JS enabled with one line user script.

Some people might want their accounts to stay logged in.

I have a question: how is this sandboxed?

Because accessing the cloud (retrieve/save projects) is impossible. And logging also. is untrusted by Snap! backend, so requests from this pages will be denied.

Cant you make a way to block certain JS functions? @bh you could use this too, blocking some functions.

Probably very hard. So, likely no. Plus, put alert("Hello, world!"); into this.

And how would I do that?

I do not know:)

How does the Sandboxing work, or is it just relying on CORS?

Are there any other modifications you’ve made?

Just CORS. The title is a bit misleading but I don't know of a better way to put it