Published in


PythonFiddle: Fully private client-side sample code execution and sharing

PythonFiddle in action
  • Privacy: There are two parties who need to be concerned about privacy: the user and the service provider. For users the main concern is what is done with their data. Will it be stored on the servers or possibly left accessible in logs. The provider on the other hand will need to know what they can and cannot do with user data, and if they’ll need to inform or ask the user for consent. This is particularly true in cases where the data isn’t just code snippets.
  • Security: Allowing execution of arbitrary, user-written code can leave service providers vulnerable to abuse. It’s possible to harness the computational power meant for running the application for malicious purposes, like DDoS attacks or crypto mining. These are real problems for any platform that allows anonymous execution. This problem is extremely difficult to solve, since users are fundamentally unpredictable, whether we are speaking of the code they produce or their intentions with the application. Often primitive solutions such as timeouts, quotas and banning packages or libraries are used as a workaround.
  • Cost: As low as the computing costs might be, somebody will still need to fork over the payment for those servers. The scalable nature of the cloud implies that, as the project gains more success, the costs will also scale. This may become an issue for single developers, Free and open-source software projects, or non-profit organizations.
A fiddle implementation using the cloud vs using CheerpX

What is CheerpX?

  • Robustness: most programs will just work without issues. Compiling from source to Wasm is technically possible, but would lead to us needing to support many more individual use cases, and a lot of software wouldn’t be viable for execution.
  • Versatility: There are also cases where there is no source code available for compilation, like Flash. This will not be an issue for CheerpX either.
  • Accuracy: Applications will run identically to the way they work in native.

What is PythonFiddle?

  • CheerpX: runs the python interpreter with the user-written code snippet in real time in the browser.
  • Debian buster disk image: gives access to a complete file system.
  • Xterm.js: provides a full terminal experience, including formatting and support for curses-based apps.
  • Native-like execution: with access to a proper file system and multiprocessing capabilities, the users will be able to take advantage of most functionalities of python without issues. This includes read/write access to a full Debian file system image, multithreading, subprocess and most python libraries.
  • Privacy-preserving code sharing: To share code, it is compressed and encoded as a hash of the url using lz-string, and then decoded on the receiving side directly from the url. This way users can share their code without it having to pass through our servers. You can test it by using this link.
  • Robust against abuse: since code execution occurs entirely sandboxed to client-side and nothing will be sent to our servers, we are safe from any form of undesired usage.
  • Scalability without costs: all processing and execution occurs client-side, which means that a minimal amount of our resources will be spent, even if the amount of users grows considerably.
CheerpX.run(“python3”, [“-c”, “print(’Hello world!’)”], env); 



Leaning Technologies' Blog - everything WebVM, Cheerp, CheerpJ, CheerpX, compile-to-WebAssembly and WebAssembly virtualization

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store