I have a basic code mirror editor set up, and I am building my own test runner with the chai assertion library.
Since the user will be submitting code I am quite concerned how to keep the web app secure and I don't think I will be using any of the famous node sandbox packages such as vm or vm2. Even isolated-vm does not sound like a safe solution.
The two possibilities I am considering are:
Running the tests with user code on the frontend inside of an iframe and keeping that user code completely off the backend.
Using netlify edge functions to execute the user submitted code inside an endpoint on the cdn.
Is it safe to use a netlify edge function to test user submitted code? I am not sure about how this works because the edge functions are typically executed on a cdn, so I am not sure if am correct in assuming that the edge function endpoint is isolated.