Replies: 2 comments 7 replies
-
@tsdexter I am glad you asked. My intent in this repo is to share experiences code or components on how to make interesting stuff for jscad and beyond. I am no expert at this, but I did play with it for some time. There are two ways to execute code in isolation: worker (done in jscad as it does not need DOM access) or in an iframe like did in this explainer for jsx (that is bit out of date, as it does not cover jsx-runtime and jsx-dev-runtime). much of the code is in progress so much so that only few things got a npm release. This package handles Anyway, I will be glad to help, and in the process I will likely have more ideas what to put in readme for others to find too. |
Beta Was this translation helpful? Give feedback.
-
@tsdexter I accidentally had an idea and googled it a bit. It looks like there is a way for service worker to change/strip headers. one of links I stumbled upon : https://stackoverflow.com/questions/49503836/serviceworker-is-it-possible-to-add-headers-to-url-request So my idea is since jscad worker uses ServiceWorker anway I can augment ServiceWorker to strip cookie and Authorization headers from requests, thus nerfing xss attempts. I will definitely try to access authorised url for test from worker, and then try it also with ServiceWorker striping headers. |
Beta Was this translation helpful? Give feedback.
-
Hi @hrgdavor , not a question/issue specific to this app - but can you point me in the right direction where/how you add a code editor and how you run the code browser side (without risk of XSS etc, ideally)? I want to implement a code editor in a web page that also runs the code similar to what you've done with this app.
Beta Was this translation helpful? Give feedback.
All reactions