I want to write an app in Rust that is extensible with plugins written by (untrusted) users. Those plugins are downloadable via a web platform and can be installed by any user of the core software, but of course I want to protect the naive from the malicious users and have the plugins run in a sandboxed environment. Still, the plugins should execute as fast as possible.
My take is to use WASM and a JavaScript sandbox as an interface.
- Write main app in Rust.
- Users write plugins in Rust and compile to WASM using the `wasm32-unknown-unknown` target.
- Users create JavaScript bindings using wasm-bindgen.
- The core app employs a JavaScript engine like V8 to execute the JavaScript frontend of the plugins.
I see a few downsides with this approach, mainly going through JavaScript and its engines, which seems unnecessary. Isn't there a faster approach to execute sandboxed WebAssembly directly from Rust?
If you only need Rust and not JavaScript plugins, you can use a WASM-only engine such as wasmer or wasmtime. They are usually lighter than full JavaScript engines.
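An added example, not code from the answer or from wasmtime/wasmer: a WASM module can reach the host only through its imports, so a loader can list an untrusted plugin's imports and refuse anything outside an allowlist before passing the bytes to the engine. `ALLOWED` and the `plugin_api.log` host function are hypothetical names, and the engine is still expected to do full validation of the module.

```rust
// Added example (std only). ALLOWED and the "plugin_api" module are hypothetical.
const ALLOWED: &[(&str, &str)] = &[("plugin_api", "log")];
fn leb(b: &[u8], p: &mut usize) -> Option<u32> {
    let mut v = 0u32;
    for s in [0, 7, 14, 21, 28] {
        let x = *b.get(*p)?;
        *p += 1;
        if s == 28 && x > 0x0f { return None; } // would overflow 32 bits
        v |= ((x & 0x7f) as u32) << s; // unsigned LEB128: 7 payload bits per byte
        if x & 0x80 == 0 { return Some(v); }
    }
    None
}
fn name<'a>(b: &'a [u8], p: &mut usize) -> Option<&'a str> {
    let n = leb(b, p)? as usize; // names are length-prefixed UTF-8
    let s = b.get(*p..(*p).checked_add(n)?)?;
    *p += n;
    std::str::from_utf8(s).ok()
}
// Function imports as (module, field); None if malformed or a non-function import.
fn imports(wasm: &[u8]) -> Option<Vec<(String, String)>> {
    if wasm.get(..8)? != b"\0asm\x01\0\0\0" { return None; } // magic + version 1
    let (mut p, mut out) = (8, Vec::new());
    while p < wasm.len() {
        let id = wasm[p];
        p += 1;
        let size = leb(wasm, &mut p)? as usize;
        let end = p.checked_add(size).filter(|e| *e <= wasm.len())?;
        if id == 2 { // import section
            let (sec, mut q) = (&wasm[..end], p);
            for _ in 0..leb(sec, &mut q)? {
                let (m, f) = (name(sec, &mut q)?, name(sec, &mut q)?);
                if *sec.get(q)? != 0 { return None; } // kind 0 = function
                q += 1;
                leb(sec, &mut q)?; // type index
                out.push((m.to_string(), f.to_string()));
            }
            if q != end { return None; }
        }
        p = end;
    }
    Some(out)
}
fn plugin_ok(wasm: &[u8]) -> bool {
    imports(wasm).map_or(false, |v| v.iter().all(|(m, f)| ALLOWED.contains(&(m.as_str(), f.as_str()))))
}
fn main() { // constructed sample module whose only import is plugin_api.log
    let m = b"\0asm\x01\0\0\0\x01\x04\x01\x60\0\0\x02\x12\x01\x0aplugin_api\x03log\0\0";
    println!("{:?} allowed={}", imports(m), plugin_ok(m));
}
```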