You're running JS (an 'interpreted', managed language) - it's already intentionally designed to be executed in a sandbox. Unless you provide hooks out to the host system, it can't do anything bad. With mquickjs, the untrusted code can't even overflow your heap or take too much execution time.
If you were running untrusted C or something, it would make more sense to add the WASM layer.
alt Hacker News
Because what's the point?
You're running JS (an 'interpreted', managed language) - it's already intentionally designed to be executed in a sandbox. Unless you provide hooks out to the host system, it can't do anything bad. With mquickjs, the untrusted code can't even overflow your heap or take too much execution time.
If you were running untrusted C or something, it would make more sense to add the WASM layer.