Giulio Muscarello
A somewhat hacky solution could involve AST rewriting to manually wrap each property access. For instance, `let x = foo.bar` would be rewritten to `let x = (x => (x...
@io4, replacing Function, eval and the like at runtime is certainly possible with AST rewriting and it's not terribly difficult either. However, it does incur a heavy performance hit, both...
#227 is of interest, especially since Realms was mentioned specifically for browser sandboxing.
If you're running test cases that you know to be safe, you can temporarily replace vm2 with the native vm to track down the error.
@patriksimek, I devised a simple implementation based on an exception parser/rewriter. I think it would be worth it to integrate it in vm2 as an optional error handler. ```js const...
Patrik, does the implementation sketch look okay overall? If so I can make a PR and we can work from there.
Just leaving a comment to notify people who are subscribed to this issue -- I opened a PR, so you can track the progress there.
Thanks for the mention, @io4! (I'll also mention @denysvitali for helping find the vulnerability ;) ) I really suggest everyone **not to roll your own solution**, because it can be...
Also, pinging @josdejong - seeing that you also had trouble sanitizing JS, I think you may be interested if we do come up with a good solution.
I found this while searching for other things: https://github.com/browserify/vm-browserify It is too late in the night now, but tomorrow I'll try it and figure out whether it is a suitable...