javascript - Limiting a Web Worker's resources and permissions -

i creating web platform host third party applications. in order make secure, need foreign scripts run in isolated environments. in html5, came down 2 options:

• iframes
• web workers

they can both prevent access main thread* , dom, still need limited in terms of memory resources , internet access. possible limit ram web worker/iframe can use , block access xhr object (and websockets , other way access web)?

*iframes still on main thread think that's ok

google has done of heavy lifting caja.

they use create safe 'sandbox' adverts run on page while isolating them doing damage.