I'm looking at the possibility of creating an iframe in which the programmer's HTML + JS would be executed in a sandbox (so it cannot affect the top page), and combining it with postMessage and an internal API to allow some bidirectional communication.

... that works for me, but it causes display problems: in the iframe there may be draggable elements that would be cut off if the user moves them towards the edges of the iframe (and I'm interested in the user seeing no difference between site and

Is it possible to discard the iframe and put the programmer's code directly on the page, if possible in a secure manner? That is, would it be possible to run their JS file in sandbox mode or limit the functions it executes? (similar to how a
<script src="/ruta/a/js/del/usuario.js" sandbox></script>
I know that does not work because the script tag does not have a sandbox attribute, but is there something similar? And if not, how could it be simulated?
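The sandboxed iframe plus postMessage arrangement described in the question, sketched from the host page's side as an added example (it is not part of the original post). The message shape, `ALLOWED_METHODS`, `handleFrameMessage` and the frame URL are assumptions made for illustration.

```javascript
// Added example: host-side dispatcher for messages coming from a sandboxed iframe.
// All names and the { id, method, args } message shape are hypothetical.

// The internal API exposed to the programmer's code; anything not listed is refused.
const ALLOWED_METHODS = {
  getTitle: (state) => state.title,
  setBadge: (state, text) => {
    if (typeof text !== "string" || text.length > 32) throw new Error("bad argument");
    state.badge = text;
    return true;
  },
};

// Validate one MessageEvent-like object; return the reply to post back, or null to drop it.
function handleFrameMessage(event, frameWindow, state) {
  // Accept messages only from the iframe the host created.
  if (event.source !== frameWindow) return null;
  // A frame sandboxed without allow-same-origin has an opaque origin, serialized as "null".
  if (event.origin !== "null") return null;
  const msg = event.data;
  if (!msg || typeof msg !== "object" || typeof msg.id !== "number") return null;
  // Own-property check so names like "constructor" or "__proto__" never resolve.
  const known = Object.prototype.hasOwnProperty.call(ALLOWED_METHODS, msg.method);
  if (!known) return { id: msg.id, error: "unknown method" };
  const args = Array.isArray(msg.args) ? msg.args : [];
  try {
    return { id: msg.id, result: ALLOWED_METHODS[msg.method](state, ...args) };
  } catch (e) {
    return { id: msg.id, error: String(e.message) };
  }
}

// Browser wiring; skipped when no DOM is available.
if (typeof document !== "undefined") {
  const frame = document.createElement("iframe");
  frame.setAttribute("sandbox", "allow-scripts"); // deliberately no allow-same-origin
  frame.src = "/path/to/user/frame.html"; // hypothetical page that loads the user's JS
  document.body.appendChild(frame);
  const state = { title: document.title, badge: "" };
  window.addEventListener("message", (ev) => {
    const reply = handleFrameMessage(ev, frame.contentWindow, state);
    // The frame's origin is opaque, so "*" is the only targetOrigin that reaches it.
    if (reply) frame.contentWindow.postMessage(reply, "*");
  });
}
```

Because replies go out with `"*"`, they should carry only data the framed code is allowed to see.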