Sandboxing is the act of creating a scope in which no other part of the application can operate (unless it is given the opportunity). More specifically, it is usually a function scope that exposes a limited subset of what is actually going on inside it.
One library based on the sandbox idea is YUI3. The main unit of the application is the sandbox of a YUI instance:
    var Y = YUI(); // creates a configurable YUI instance

    // Creates a sandbox for one part of your application,
    // including the 'node' module.
    Y.use('node', function(Z) {
        // Z is a YUI instance that is specific to this sandbox.
        // Operations inside it are protected from outside code
        // unless exposed explicitly. Any modules you request in
        // the use statement will be separately instanced just for
        // this sandbox (in this case, the 'node' module).
        //
        // That way, if another part of your application decides
        // to delete Z.Node (or worse, replace it with a
        // malicious proxy of Z.Node), the code you've written
        // here won't be affected.
    });
The benefits of a sandbox are basically reduced application complexity: since sandboxes are immutable, they are much easier to reason about and verify. They also improve runtime security, because a well-designed sandbox should work as a black box for other scripts running on the page. It does not prevent all possible attacks, but it protects against many simple ones.
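The two properties described above (separately instanced modules and an immutable, limited surface) shown in plain JavaScript, as an added example that is not part of the original answer and is not YUI's code. `moduleFactories`, `createSandbox` and `demo` are hypothetical names, and the two modules are constructed stand-ins.

```javascript
// Hypothetical module registry: each factory returns a brand-new module object,
// so no two sandboxes ever share one.
const moduleFactories = {
  node: () => ({ one: (selector) => ({ selector, kind: 'node' }) }),
  event: () => ({ on: (type) => `listening:${type}` }),
};

// Build a sandbox that exposes only the requested modules.
// Each module and the sandbox object itself are frozen (immutable).
function createSandbox(requested, callback) {
  const instance = Object.create(null); // no inherited properties to tamper with
  for (const name of requested) {
    if (!Object.prototype.hasOwnProperty.call(moduleFactories, name)) {
      throw new Error(`unknown module: ${name}`);
    }
    instance[name] = Object.freeze(moduleFactories[name]());
  }
  return callback(Object.freeze(instance));
}

function demo() {
  'use strict'; // writes to frozen objects throw instead of failing silently
  const results = {};
  let firstNodeModule;

  // One part of the application tries to replace and delete the module.
  createSandbox(['node'], (Z) => {
    firstNodeModule = Z.node;
    try { Z.node.one = () => 'hijacked'; } catch (e) {
      results.replaceBlocked = e instanceof TypeError;
    }
    try { delete Z.node; } catch (e) {
      results.deleteBlocked = e instanceof TypeError;
    }
  });

  // Another part gets its own instance, unaffected by the attempt above,
  // and sees nothing it did not request.
  createSandbox(['node'], (Z) => {
    results.separateInstance = Z.node !== firstNodeModule;
    results.stillWorks = Z.node.one('#app').kind;
    results.unrequestedHidden = !('event' in Z);
  });
  return results;
}
```

Freezing is shallow: objects returned by a module's functions are not frozen here, and anything reachable through shared globals is outside what this pattern covers.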