Published attenuating proxies for common web APIs

For the MetaMask plugin system we want to allow scripts to request permission to use web APIs (like fetch, or websockets), but ideally confined in a variety of ways, for example what domains those APIs would be allowed to access.

It occurred to me that there is probably a shared ecosystem need for a collection of Proxy wrappers for web APIs to confine them in common ways, and I mostly expect this doesn’t exist yet, but I figured I’d open this thread to both ask if anyone has written proxies for confining common web APIs, and as a place to post them as they are written, as I see a few of them in my near future.

These will be fairly easy for the two examples I gave, but some web APIs will require a little more work to cover all edge cases. For example, a proxy for the XMLHttpRequest API will need to return a proxy in response to its constructor, which itself is attenuated. Little idiosyncrasies like that have me thinking this is worthy of some common libraries.

You’ll need a full membrane. There are three places to look:

Alex Vincent’s highly parameterizable es-membrane https://github.com/ajvincent/es-membrane

Caridy Patino’s specialized membrane in https://github.com/caridy/secure-javascript-environment

Historical interest. Before proxies. But interesting: Caja’s Domado dom-wrapper at https://github.com/google/caja

1 Like
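The domain-confined fetch described in the first post, as an added example that is not code from either poster, MetaMask, or the linked projects. The names `attenuateFetch` and `makeRecordingFetch` and the example hosts are assumptions made for illustration; it covers only the plain fetch case, not the membrane an API like XMLHttpRequest would need.

```javascript
// Build a fetch that can only reach an allowlist of origins.
// realFetch: the unattenuated fetch, assumed to be held only by the host.
// allowedOrigins: e.g. ['https://api.example.com'] (constructed sample value).
function attenuateFetch(realFetch, allowedOrigins) {
  // Normalize once through the URL parser so 'HTTPS://API.example.com:443/'
  // and 'https://api.example.com' compare equal.
  const allowed = new Set(allowedOrigins.map((o) => new URL(o).origin));

  function originOf(input) {
    // fetch accepts a string, a URL, or a Request-like object with .url
    const raw = typeof input === 'string' ? input
      : input instanceof URL ? input.href
      : input && input.url;
    try {
      const origin = new URL(raw).origin; // relative URLs throw here
      // data:, blob-less file: and similar schemes have the opaque origin 'null'
      return origin === 'null' ? null : origin;
    } catch {
      return null;
    }
  }

  function confinedFetch(input, init = {}) {
    const origin = originOf(input);
    // Compare parsed origins, never string prefixes: a prefix check would
    // accept 'https://api.example.com.evil.test/'.
    if (origin === null || !allowed.has(origin)) {
      return Promise.reject(new TypeError('fetch blocked: origin not on allowlist'));
    }
    // Refuse redirects, otherwise an allowed origin could forward the
    // request to one that is not on the list. The caller cannot override this.
    return realFetch(input, { ...init, redirect: 'error' });
  }
  // Frozen so the confined script cannot alter the function it was handed.
  return Object.freeze(confinedFetch);
}

// Stand-in for the real fetch so the example runs offline (constructed).
function makeRecordingFetch() {
  const calls = [];
  const fn = (input, init) => {
    calls.push({ url: String(input.url || input), redirect: init.redirect });
    return Promise.resolve({ ok: true });
  };
  return { fn, calls };
}
```

In a browser or Node 18+, the host would pass `globalThis.fetch` as `realFetch` and hand only the returned function to the plugin.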