@timClicks An often overlooked point is whether a sandboxed thingy is a trustworthy source. IMO not universally: if you sandbox something that parses unsafe input and is written in an unsafe language, output of that sandbox should still be considered untrusted (because an attacker who can get code execution in the sandbox can inject arbitrary output).