One approach could be to compile the core or file loader to WebAssembly, load the file using the WebAssembly which will ensure there’s nothing nefarious in terms of reaching outside the desired buffer, and then marshal the whole object across.

This what I understand Mozilla does in Firefox: https://hacks.mozilla.org/2020/02/securing-firefox-with-weba...