
What's this all about?

This is an experiment in using a Web Worker as a sandbox for user code. The code from the textbox is executed using eval() inside the worker. The worker has no direct access to the DOM; the ability to draw to the canvas is explicitly granted through a single drawImageData() call. Note that the worker does keep its own global scope, including importScripts() and XMLHttpRequest, so eval() can reach whatever the worker script leaves reachable there.
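The worker side of that design, written out as an added example (this is not the page's own code; the message shapes, the list of blocked globals and the size cap are assumptions made here). It strips the network and import capabilities from the worker's global scope before any user code runs, evaluates the user source with new Function (eval by another name) with only the frame-buffer API in reach, and transfers the resulting buffer back rather than copying it:

```javascript
'use strict';
// Added example, not the page's own code: a worker-side sandbox script for the
// frame-buffer design described above. Message shapes are assumptions: the host
// posts { source, width, height } and the worker replies { pixels } or { error }.

// Capabilities a dedicated worker has even without a DOM. User code must not
// reach them, so they are removed from the global object before it runs.
const BLOCKED = ['importScripts', 'XMLHttpRequest', 'fetch', 'WebSocket',
                 'EventSource', 'indexedDB'];
const MAX_PIXELS = 4096 * 4096; // assumed cap on the frame the host will accept

// Remove every blocked name from the global object g. Names inherited from the
// prototype (importScripts lives on WorkerGlobalScope.prototype) are shadowed by
// a frozen own property set to undefined. Returns the names that survived, so
// the caller can refuse to run user code rather than run it with extra powers.
function neutralizeGlobals(g) {
  const survivors = [];
  for (const name of BLOCKED) {
    if (!(name in g)) continue;
    try { delete g[name]; } catch (e) { /* non-configurable: shadow it below */ }
    if (name in g) {
      try {
        Object.defineProperty(g, name, { value: undefined, writable: false, configurable: false });
      } catch (e) { /* cannot be changed at all: reported as a survivor */ }
    }
    if (g[name] !== undefined) survivors.push(name);
  }
  return survivors;
}

// Evaluate untrusted source with only the frame-buffer API in reach.
// Returns the buffer, how many times the user code drew, and its return value.
function runUserCode(source, width, height) {
  if (!Number.isInteger(width) || !Number.isInteger(height) ||
      width <= 0 || height <= 0 || width * height > MAX_PIXELS) {
    throw new RangeError('bad frame size ' + width + 'x' + height);
  }
  const pixels = new Uint8ClampedArray(width * height * 4);
  let draws = 0;
  const api = Object.freeze({
    width, height,
    // The single capability handed to user code: copy one complete RGBA frame.
    drawImageData(data) {
      if (!(data instanceof Uint8ClampedArray) || data.length !== pixels.length) {
        throw new TypeError('drawImageData expects a ' + pixels.length + '-byte Uint8ClampedArray');
      }
      pixels.set(data);
      draws += 1;
    },
  });
  // The blocked names are declared as parameters too, so a bare identifier
  // lookup finds an undefined parameter rather than any global that
  // neutralizeGlobals failed to remove. This is a second layer only:
  // Function('return this')() still reaches the global object, which is why
  // stripping the real global scope is the step that actually counts.
  const fn = new Function(...BLOCKED, 'api', '"use strict";\n' + source);
  const result = fn.apply(undefined, [...BLOCKED.map(() => undefined), api]);
  return { pixels, draws, result };
}

// Worker entry point: only runs inside a real worker global scope.
if (typeof self !== 'undefined' && typeof self.importScripts === 'function') {
  const survivors = neutralizeGlobals(self);
  self.onmessage = function (e) {
    if (survivors.length > 0) {
      self.postMessage({ error: 'could not strip globals: ' + survivors.join(', ') });
      return;
    }
    try {
      const { source, width, height } = e.data;
      const { pixels } = runUserCode(source, width, height);
      self.postMessage({ pixels }, [pixels.buffer]); // transfer the buffer, do not copy it
    } catch (err) {
      self.postMessage({ error: String(err) });
    }
  };
}

if (typeof module === 'object' && module.exports) {
  module.exports = { BLOCKED, neutralizeGlobals, runUserCode };
}
```

Load this as the worker script and post the source and frame size from the page; the reply's pixels arrive with their buffer transferred. When neutralizeGlobals reports survivors the worker refuses to run user code at all, and the right response on the page is to not offer the feature in that browser rather than to run with a wider scope than intended.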

Is this secure?

I don't know. It looks fairly safe to me. I'd appreciate feedback at lerc (at) screamingduck dotcom if you can think of ways to abuse it, and how that might be avoided.

CPU and memory can be consumed easily enough, but only in a separate thread. A browser should be able to protect you from such excesses in much the same way as it does with a tab containing a broken page. The host page can also enforce this itself: worker.terminate() stops the worker whatever the user code is doing, so a watchdog timer on the page does not have to wait for the browser to step in.

Browser support?

It runs in recent Firefox and Chrome. It requires the ability to send ArrayBuffers to and from workers. Opera does not support this yet, and probably not IE either. Android browsers have moved backwards a bit with respect to workers and seem not to allow them at all at the moment.

The ideal behaviour would be universal support for transferable objects. For this particular example, things would be a lot smoother if Canvas replaced CanvasPixelArray with Uint8ClampedArray. Currently Chrome supports transferable objects and Firefox does ImageData with Uint8ClampedArray. That means no browser is ideal, but I expect all browsers will be headed in this direction quite quickly; both changes make good sense.

Sending a frame buffer is by no means the most efficient method of doing things. Constructing a small but versatile API wouldn't be too hard, and providing a protocol to send drawing instructions directly to WebGL would gain a lot of performance for little overhead. Whatever the protocol, the page must validate every instruction it receives, since the worker side is the untrusted party.
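A minimal instruction protocol of that kind, as an added example rather than anything the page ships: the opcode set, the six-slot Int32Array layout and the command cap are all assumptions made here, and it targets a plain RGBA buffer rather than WebGL. The point it shows is the host-side decode step, which rejects truncated streams, unknown opcodes and out-of-bounds rectangles before anything touches the renderer:

```javascript
'use strict';
// Added example, not the page's own code: a small drawing-instruction protocol
// of the kind the paragraph above suggests, with the host-side validation such
// a protocol needs. Opcodes, the Int32Array layout and the limits are assumptions.

const OP = Object.freeze({ FILL_RECT: 1, SET_PIXEL: 2 });
const SLOTS = 6;             // op, x, y, w, h, packed rgba
const MAX_COMMANDS = 10000;  // cap on the work the host will do per frame

// Worker side (untrusted): pack command objects into one Int32Array so the
// whole stream can be transferred as a single ArrayBuffer.
function encodeCommands(commands) {
  const words = new Int32Array(commands.length * SLOTS);
  commands.forEach((c, i) => {
    const o = i * SLOTS;
    words[o] = c.op; words[o + 1] = c.x; words[o + 2] = c.y;
    words[o + 3] = c.w; words[o + 4] = c.h;
    words[o + 5] = (c.r << 24) | (c.g << 16) | (c.b << 8) | c.a; // wraps to int32, unpacked with >>>
  });
  return words;
}

// Host side (trusted): decode and validate. Anything malformed is rejected
// outright rather than clamped, so a bad stream never reaches the renderer.
function decodeCommands(words, width, height) {
  if (!(words instanceof Int32Array)) throw new TypeError('expected an Int32Array');
  if (words.length % SLOTS !== 0) throw new RangeError('truncated command stream');
  const count = words.length / SLOTS;
  if (count > MAX_COMMANDS) throw new RangeError('too many commands: ' + count);
  const out = [];
  for (let i = 0; i < count; i++) {
    const [op, x, y, w, h, c] = words.subarray(i * SLOTS, (i + 1) * SLOTS);
    if (op !== OP.FILL_RECT && op !== OP.SET_PIXEL) throw new RangeError('bad opcode ' + op + ' at ' + i);
    const rw = op === OP.SET_PIXEL ? 1 : w;
    const rh = op === OP.SET_PIXEL ? 1 : h;
    if (x < 0 || y < 0 || rw <= 0 || rh <= 0 || x + rw > width || y + rh > height) {
      throw new RangeError('command ' + i + ' draws outside the ' + width + 'x' + height + ' frame');
    }
    out.push({ op, x, y, w: rw, h: rh,
               r: c >>> 24, g: (c >>> 16) & 255, b: (c >>> 8) & 255, a: c & 255 });
  }
  return out;
}

// Host side: apply validated commands to an RGBA buffer the host owns.
// Only ever called on the output of decodeCommands, so no bounds checks here.
function rasterize(commands, width, height) {
  const pixels = new Uint8ClampedArray(width * height * 4);
  for (const c of commands) {
    for (let yy = c.y; yy < c.y + c.h; yy++) {
      for (let xx = c.x; xx < c.x + c.w; xx++) {
        const p = (yy * width + xx) * 4;
        pixels[p] = c.r; pixels[p + 1] = c.g; pixels[p + 2] = c.b; pixels[p + 3] = c.a;
      }
    }
  }
  return pixels;
}

if (typeof module === 'object' && module.exports) {
  module.exports = { OP, encodeCommands, decodeCommands, rasterize };
}
```

Rejecting instead of clamping is deliberate: a clamped rectangle still consumes host time proportional to what the user code asked for, while a rejected frame costs nothing beyond the decode loop, which is itself bounded by MAX_COMMANDS.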

What is it good for?

The use case I imagined would be instances where you wish to allow user-provided active content in a page. Some sites allow you to do this with swf files. You could theoretically do something like that with iframes, but both Flash and iframes give too much in some areas and take away too much in others.

Using this approach, the site can specifically allow what the user content can do. For example, a simple framebuffer approach would allow users to design custom animated avatars; user code would not be able to access any form of input and, most importantly, would not be allowed to play any music.