I have now found this thread posted 2 years ago which seems very similar to what I was looking for. The solution was to create a new QML component which create a new QML engine instance and isolates the untrusted QML code inside it. That does isolate the execution context, it does't however monitor the network traffic generated by the component. In my case network communication must be restricted to a certain set of domains, so I need to intercept network going in and out of the component, any idea how?

@mousemao I've made a feature request here https://bugreports.qt.io/browse/QTBUG-55074 BTW, 大哥，你好~~

Perhaps it's the problem ! Thank's for your time lucas and your work !