Skip to main content

JS runtime

Moyuk's apps are executed in a sandboxed environment. The runtime consists of iframe sandbox, Web Worker and CSP.

Browser requirements

Moyuk only tested on the latest versions of Chrome.

Available APIs

Because the runtime is based on Web Worker, you can use all the APIs that are available in the Web Worker. However, there are some restrictions.

Eliminated APIs

Moyuk's runtime eliminates some APIs that are unnecessary for Moyuk's apps. The APIs that are eliminated are:

  • The APIs only for the browsers.
  • Eliminating APIs is not for security reasons, but for the future compatibility.
  • Although Moyuk's runtime is currently based on Web Worker, we may change the implementation in the future.

Network access

You can use fetch to access the network. However, there are some restrictions.


The runtime denies all network accesses by default. The users must explicitly grant the permissions to the apps. This feature imitates Deno's allow-net permissions.


This feature is achieved by CSP. The runtime dynamically generates the CSP header based on the permissions users granted.


The CORS policy may affect the network access. The destination server must provide Access-Control-Allow-Origin: * header to allow the access.


Maybe we will provide a proxy server to bypass the CORS policy in the future.