Current ClientHandlers may be renamed to unsafe, and we also may introduce safe ClientHandlers #85

Open
Konard opened this issue May 3, 2024 · 0 comments
Labels: bug, enhancement

Comments

@Konard
Member

Konard commented May 3, 2024

An unsafe handler executes directly as a React component in Deep.
A safe handler may be hosted in a docker isolation provider or anywhere on the web and can be connected using an iframe.

An unsafe handler (ClientHandler) may execute in the context of the user, and it may have direct access to all changes to Deep. For example, someone can do additional actions on button click or any user interaction.
The data may be loaded from an untrusted environment. For example, we can have a web crawler that just parses all the pages; if we want to see each page inside Deep, some of the pages may be aware of Deep's existence and use unsafe client handlers to do direct actions from an admin or another user with lots of permissions.

To make ClientHandlers safe, we should open each client handler inside an iframe, and give it the permissions of the package where the client handler is defined. That way it should be fully controllable.

We can use message communication between a safe ClientHandler and Deep. For example, a safe ClientHandler can request the token of the package where the ClientHandler exists. That will be enough to make the client handler's access to Deep fully controllable and configurable, as the user can now configure what this package token can and cannot do.

We need both Unsafe and Safe ClientHandlers, to provide the flexibility to do everything that is possible to do. It may be desirable that a ClientHandler has direct access to the user's browser without iframe isolation.

More about messaging between Deep web page and iframes: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
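
A sketch of the host side of the token request proposed in the issue above, added here as an example and not code from the Deep project. The names createTokenBroker and issuePackageToken, the message types, and the assumption that each handler iframe is served from its own known origin are all hypothetical.

```javascript
// Host-side (Deep page) broker for safe ClientHandlers running in iframes.
// All names here (createTokenBroker, issuePackageToken, message types) are
// hypothetical; Deep's real API is not shown in the issue.
function createTokenBroker(issuePackageToken) {
  // contentWindow -> { packageId, origin }, filled when the host creates a frame
  const frames = new Map();

  function register(frameWindow, packageId, origin) {
    frames.set(frameWindow, { packageId, origin });
  }

  // Pass this to window.addEventListener('message', ...)
  function onMessage(event) {
    const entry = frames.get(event.source);
    // Ignore windows the host did not create, and frames that navigated
    // to a different origin after registration.
    if (!entry || event.origin !== entry.origin) return false;
    const msg = event.data;
    if (!msg || msg.type !== 'deep:request-token') return false;
    // The package comes from the host's registry, never from msg, so a
    // frame cannot ask for another package's token.
    const token = issuePackageToken(entry.packageId);
    event.source.postMessage(
      { type: 'deep:token', requestId: msg.requestId, token },
      entry.origin // targetOrigin: deliver only while the frame is on that origin
    );
    return true;
  }

  return { register, onMessage };
}

// Constructed demo with stand-in window objects so it runs outside a browser.
function demo() {
  const sent = [];
  const frame = { postMessage: (data, targetOrigin) => sent.push({ data, targetOrigin }) };
  const stranger = { postMessage: (data) => sent.push({ data, targetOrigin: 'unexpected' }) };
  const broker = createTokenBroker((pkg) => `token-for-${pkg}`);
  broker.register(frame, 'pkg-a', 'https://handlers.example');
  // The packageId field in the request is ignored on purpose.
  const req = { type: 'deep:request-token', requestId: 1, packageId: 'admin' };
  const results = [
    broker.onMessage({ source: frame, origin: 'https://handlers.example', data: req }),
    broker.onMessage({ source: stranger, origin: 'https://handlers.example', data: req }),
    broker.onMessage({ source: frame, origin: 'https://other.example', data: req }),
  ];
  return { results, sent };
}
```

A frame sandboxed without allow-same-origin reports its origin as the string "null", so a host using that setup would have to rely on the event.source check alone.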
