If we run a sandbox code within a separate deno process then we can simply timeout it and send a SIGKILL signal.
Per-worker isolation
Web workers have a terminate method which kills the worker immediately. What you could do is have worker send a ping message every X ms and if that message is not received then worker is essentially blocked and should be restarted (terminate and create a new one).
I have just tested this approach and it seems to be working. It takes a bit of time to start a new worker though.
What if user submitted code has infinite loop?
That is a good question!
If we run a sandbox code within a separate deno process then we can simply timeout it and send a SIGKILL signal.
Web workers have a
terminatemethod which kills the worker immediately. What you could do is have worker send a ping message every X ms and if that message is not received then worker is essentially blocked and should be restarted (terminate and create a new one).I have just tested this approach and it seems to be working. It takes a bit of time to start a new worker though.