How does jsFiddle allow and execute user-defined JavaScript without being dangerous?

Question

I\'ve been working on a JS library and would like to setup a demo page on Github that allows, for example, users to define their own callbacks and execute commands.

Answer 1

jsFiddle executes user scripts on a separate domain, http://fiddle.jshell.net (try it and see).
Therefore, it can't interact with the parent frame and it can't steal cookies.

You can actually do this without a separate server by placing a static page in a separate domain that reads from its querystring in Javascript.
You can communicate back using the page title (and so can the enemy).