This thesis presents a study of how to securely execute untrusted code. With web browsers being used to execute potentially malicious code for millions of users worldwide, its security is paramount. Designing and implementing new security techniques are inherently challenging, partly due to the complexity of modern browsers. Therefore a set of design principles for building interpreters are designed, using the language Haskell coupled with the building blocks of monad transformers. The implemented framework, named Bowser, serves as proof that interpreters can in fact be secure by design, and that extending it with new security mechanisms is easily achieved. This is demonstrated by adding dynamic taint analysis to the designed framework, with the goal of mitigating common attacks extracting sensitive information.