* Is independent of the host distribution
* Has no access to any system or user files other than the ones from the runtime and application itself
* Has no access to any hardware devices (GL rendering supported)
* Has restricted network access
* Can’t see any other processes in the system
* Can only get input via standard APIs
* Can only show graphics via DOM/Canvas/WebGL/SVG/MathML
* Can only output audio via Audio Tags/Web Audio/MSE
* plus more sandboxing details
* Is independent of the host distribution
* Has no access to any system or user files other than the ones from the runtime and application itself
* Has no access to any hardware devices (GL rendering supported)
* Has restricted network access
* Can’t see any other processes in the system
* Can only get input via standard APIs
* Can only show graphics via DOM/Canvas/WebGL/SVG/MathML
* Can only output audio via Audio Tags/Web Audio/MSE
* plus more sandboxing details