Clone this wiki locally
When players type code into your website, you can do one of three things:
eval()their code - let them hack the level and break their own page if they want to, but don't let other players run that code, since it's a security risk.
- Send the code to your server, where you can lock it way, way down in its own process, run it, and send it back to the player. If it explodes, tell them it didn't work.
Why? It turns out you have to be crazy like this if you want to provide live-coding performance, friendly error messages, multiplayer security, offline play, and time-travel debugging, Bret-Victor-style.