Being able to execute people model code safely is very important if it is going to be shared. Cross site scripting (XXS) is the problem. Fortunately there are quite well documented way of preventing it. This is in part thanks to the popularity of sites like js-bin, js-fiddle, codepen etc. who have popularised sharing code in the browser.

It seems that the common way of preventing XXS is to execute the code in an iframe. To prevent to iframe from access the top level window it is served from a different domain. The browser effectively sandboxes this different domain iframe for you. These is also a sandbox attribute on the iframe. This iframe is then used to generate a dynamic inner iframe that display the results of code. Messages can be passed using cross domain messaging.

The simplest way of running a CNC machine seems to be using something like GRBL. It's an open source piece of software that runs embedded on an Arduino, or more specifically the Atmega 328 microcontrolller chip. It is designed to be a low cost alternative to parallel-port-based motion control such as EMC2 or Mach3. It doesn't quite support all G-code features, for example; macro functions, variables, canned cycles etc. These aren't needed though, the whole point is we are using javascript almost as a preprocessor for G-code. It seems pretty elegant just to have an Arduino sitting on each gantry providing all the motion control (apart from stepper motor drives of course). This isolates the motion control from the rest of the design software.

GRBL still needs the G-code commands sent to it. This is done through a serial connection. There are so called 'universial' G-code senders but writing some code to send serials commands should be fairly trivial. There could just be a machine running node connected up to several machines barking out commands. This machine checks and lists queued job on the MAKEIT database and can then select and run these jobs on the CNC machine.

Some downsides of using GRBL are that it's limited to the Atmega 328 chip, because of specific optimisations they have made. Although it is capable of making decent cuts it maybe isn't powerful enough to take advantage of higher end stepper drivers and motor as it runs at a lower frequency. As it operate as a black box theoretically it should be easy to replace with something better and more powerful later on, if needed.

In order to make the MAKEIT software usable there is a clear separation between the design software and the software running the machine/s. This allows separate use. All the higher level code is written in the same language on the same platforms which includes Javascript, HTML and CSS.

The intension is for all the software to be open source. This means that anyone could download it and have there own personal design center. There will be a publicly available app to use hosted on makeit.co.uk and a MAKEIT workshop. What makes this accessable is that the design server, database and cache can either all be run on the same machine or different machines. If the public app become mildly popular it might run several servers for each. The software is designed to run off two or even one raspberry pis just as much as several high end servers. For each machine you download all the source code and choose what to run.