JS Runner
Run JavaScript snippets without opening DevTools. Sandboxed execution — your code cannot access the page, cookies, or local storage. Ctrl+Enter to run.
How It Works
Your code runs inside a hidden <iframe> with sandbox="allow-scripts". This attribute isolates the iframe in a unique null origin — it cannot read the parent page's variables, DOM, cookies, or localStorage. All console output is sent back via postMessage.
Execution has a 5-second hard timeout. Async code using Promise, setTimeout, or fetch is supported within that window.
Supported APIs
- console —
log,warn,error,info - Async —
Promise,async/await,setTimeout - Standard builtins —
Math,Date,JSON,Array,Object,String - ES2020+ — optional chaining, nullish coalescing, BigInt,
structuredClone - fetch — works but cross-origin requests may be blocked by CORS
Keyboard Shortcuts
- Ctrl+Enter — Run the code
- Tab — Insert 2-space indent
Limitations
- No
documentorwindow.locationaccess - No
localStorage/sessionStorage - No module
importstatements - State does not persist between runs
Frequently Asked Questions
Is it safe to run untrusted code here?
The sandbox prevents the code from accessing your browser data (cookies, localStorage, parent page DOM). However, it can still make network requests to external URLs. Never run code you don't trust — this tool is designed for testing your own snippets.
Why doesn't console.table or console.group work?
Only console.log, warn, error, and info are intercepted. Other console methods are not mapped to the output panel — they fall back to the browser's native console.
Can I use import/require?
No — the sandbox runs as a classic script without module support. You can use any built-in browser API available in the sandboxed context, but you cannot import external modules or npm packages.
Does state persist between runs?
No — each run creates a fresh sandbox iframe. Variables, functions, and objects from a previous run are not available in the next. This avoids let/const redeclaration errors and keeps runs independent.