sandbox mode without access to global scope

[imolorhe]

I'm trying to understand how sval works and particularly the sandbox. Is it possible to evaluate the code without allowing access to the global scope object, when running untrusted code?

[Siubaak]

I think it's possible, if we complement all global objects by our own to prevent prototype pollution. However I've found the SES which may be a better choice.

[imolorhe]

I've looked into ses but it requires unsafe-eval to work unfortunately

[Siubaak]

SES complemented by Proxy + Object.freeze. I think we can also use these apis to complement a sandbox by our own.