[Sandboxed function] Restric capability of a function

[Xyncgas]

Via attributes, disallowed anything for example IO a function can do, then white list say a directory
it's like you are putting the entire function in a sandbox so it's impossible for it to harm the host that's running the function

[stephentoub]

This is what Code Access Security (CAS) provided. It's been deprecated and there are no plans to bring it or similar feature sets back.

[Clockwork-Muse]

Note that at least part of the reason the capability was removed is that it gives a false sense of security, and that many of the features it provided are better handled at the OS level (for your I/O example, you'd deny permissions to that directory).

[Xyncgas]

On the webassembly and the browser side you get sandbox, if you let the OS handle it you are relying other people to restrict the capability of your application, I would imagine programmers like their application to be able to do everything

[Clockwork-Muse]

The browser sandbox is something the browser enforces, not a programming framework (or the OS). That is, the application does things like check any paths, or in most cases just doesn't provide APIs for the execution engine to call. To take your path example, wasm/JavaScript applications do NOT get to make calls to read client-side directories - they tell the browser "please ask the user to select a file/directory to give to me", and after the user selects it the application gets file byte streams, but not access to the actual files.

[AartBluestoke]

the other problem is that while blocking the common system way of doing these things, there were often many complicated work-arounds for doing things (eg, reflection created system calls) that allows escaping sandboxes - if you can't trust a program, you can't trust a program to set its own security boundaries.