"The untrusted code may then interact with the main application by directly calling those functions," writes Prokashev in his explanation of Jailed, "but the application owner decides which functions to export, and therefore what will be allowed for the untrusted code to perform."
send() method, essentially a remote procedure call.
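The export-only boundary described above, modeled as an added example; this is not Jailed's own code or API. `createBoundary`, `dispatch` and `callFromSandbox` are hypothetical names, and a JSON string stands in for the message channel between the sandbox and the application.

```javascript
// Simplified model of an export-only RPC boundary; not Jailed's implementation.
// Only JSON text crosses the boundary, so no object references leak either way.
function createBoundary(exported) {
  // A Map never consults Object.prototype ("constructor", "__proto__" stay absent).
  const table = new Map();
  for (const [name, fn] of Object.entries(exported)) {
    if (typeof fn !== "function") {
      throw new TypeError(`export "${name}" is not a function`);
    }
    table.set(name, fn);
  }
  const reply = (body) => JSON.stringify(body);

  // Handle one serialized call arriving from the untrusted side.
  function dispatch(messageText) {
    let msg;
    try {
      msg = JSON.parse(messageText);
    } catch {
      return reply({ ok: false, error: "malformed message" });
    }
    if (msg === null || typeof msg !== "object" ||
        typeof msg.name !== "string" || !Array.isArray(msg.args)) {
      return reply({ ok: false, error: "malformed message" });
    }
    const fn = table.get(msg.name);
    if (fn === undefined) {
      return reply({ ok: false, error: "not exported: " + msg.name });
    }
    try {
      // Invoke with `this` unset rather than bound to the exports object.
      const result = fn.apply(undefined, msg.args);
      return reply({ ok: true, result: result === undefined ? null : result });
    } catch (err) {
      // Return only the message text, never the host Error object or stack.
      return reply({ ok: false, error: String(err && err.message) });
    }
  }
  return { dispatch, exportedNames: () => [...table.keys()].sort() };
}

// Constructed sample: the host exports exactly two functions.
const boundary = createBoundary({
  add: (a, b) => a + b,
  greet: (name) => `hello, ${String(name)}`,
});
// Stand-in for untrusted code: it can only build messages and read replies.
function callFromSandbox(name, ...args) {
  return JSON.parse(boundary.dispatch(JSON.stringify({ name, args })));
}
```

`exportedNames()` returns the sorted list of what the boundary exposes, which is the kind of list a developer could review before wiring exports to real functions.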
Jailed's other specialty -- modern web browsers -- is arguably the one area you'd most want on-the-fly isolation from untrusted code. Jailed works in that situation by spawning a web worker background thread and running the script in a sandboxed iframe.
file:// URL), any code it loads will also have access to the local filesystem. This can be avoided by loading the code from a local server or by running it in a Node.js instance.
Jailed could be expanded to accomplish this by making it part of an automated code-testing methodology. Normally, when testing code with Jailed, the developer needs to manually map the functions inside the sandbox to functions outside of it. A test framework could automatically enumerate the untrusted code's functions, export them as a list, and optionally have that list reviewed by the developer before hooking them up to other functions.