[racket] Creating / rendering GUI elements in a Racket sandbox

From: Duncan Bayne (dhgbayne at fastmail.fm)
Date: Wed Jan 1 01:59:15 EST 2014

Hi All,

I'm trying to execute Racket code with reduced permissions. My intent is
that the sandboxed code will be rendering content to be displayed by
the application.

I can create an evaluator with the following function:

(define sandbox
  (call-with-trusted-sandbox-configuration
   (lambda ()
     (make-evaluator 'racket/gui
                     #:allow-for-require '(racket/gui racket/gui/base)))))

I can then use the evaluator to execute GUI code in a sandbox; the
following call causes a message box to be displayed as I expect:

 (sandbox '(message-box "hello" "world"))

What I'm struggling with is an idiomatic way of allowing the sandboxed
code to render to my existing app.

I could simply have the sandbox return controls. E.g.:

(sandbox `(new text-field%
               [label ""]
               [init-value "foo"]
               [callback address-text-changed]))

... but that fails because I haven't set the parent. But the parent of
the control belongs outside the sandbox.

So I'm wondering whether I could pass context into the evaluator in some
way? Say, give it access to a container inside my frame? I can't see any
safe way of doing this however; once the sandboxed code has access to
any part of the existing GUI hierarchy, it has access to All The Things.

Any suggestions on idiom, pointers to documentation, etc. would be very
helpful here. I'm still learning my way around Racket so suspect the
answer is pretty simple.

-- 
Duncan Bayne
ph: +61 420817082 | web: http://duncan-bayne.github.com/ | skype:
duncan_bayne

I usually check my mail every 24 - 48 hours.  If there's something
urgent going on, please send me an SMS or call me.

Posted on the users mailing list.
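
One way to keep the host's GUI hierarchy out of the sandbox, as an added example that is not part of the original post: the guest returns a plain-data description of the widgets it wants, and the host checks it against an allowlist and builds the controls itself. The widget vocabulary (`label`, `text-field`), the guest functions `render` and `on-text-changed`, and the size limits are assumptions made for this sketch.

```racket
#lang racket/gui
(require racket/sandbox)

;; Default (untrusted) sandbox configuration over plain racket/base:
;; the guest has no GUI classes and never receives a host object.
(define sandbox
  (make-evaluator 'racket/base
    ;; constructed sample guest program (hypothetical function names)
    '(define (render)
       (list (list 'label "Rendered from the sandbox")
             (list 'text-field "" "foo")))
    '(define (on-text-changed s) (string-length s))))

(define max-widgets 50)   ; assumed limit on widgets per render

;; Allowlist: only these shapes, containing only strings, are accepted.
;; Procedures, objects, or unknown tags returned by the guest are rejected.
(define (valid-widget? w)
  (match w
    [(list 'label (? label-string?)) #t]
    [(list 'text-field (? label-string?) (? string? v))
     (<= (string-length v) 1000)]
    [_ #f]))

;; The host, not the guest, creates the controls and chooses their parent.
(define (render! spec parent)
  (unless (and (list? spec)
               (<= (length spec) max-widgets)
               (andmap valid-widget? spec))
    (error 'render! "rejected widget description from sandbox"))
  (for ([w (in-list spec)])
    (match w
      [(list 'label s) (new message% [parent parent] [label s])]
      [(list 'text-field l v)
       (new text-field% [parent parent] [label l] [init-value v]
            ;; events go back into the sandbox as data (a string), never as objects
            [callback (lambda (tf ev)
                        (sandbox `(on-text-changed ,(send tf get-value))))])])))

(define frame (new frame% [label "Host app"] [width 300]))
(render! (sandbox '(render)) frame)
(send frame show #t)
```

Because only strings and symbols cross the boundary in either direction, the guest cannot walk from a control to its parent or to the rest of the frame.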