We got an email on the google-caja-discuss list about using Caja:
… and I thought I’d respond here.
Yes, SES is a good tool for this, or at least a good starting point. Take a look at the demo page (https://rawgit.com/Agoric/SES/master/demo/ , for which the source is in https://github.com/Agoric/SES/tree/master/demo) to get a sense of how to call it. Basically you include a script tag with the ses-shim.js file, then create a new SESRealm with SES.makeSESRootRealm(), then you evaluate code inside the realm with
That will get you safe evaluation, but you probably need more than that. The important question to ask is: what kind of access (to the outside world) should this evaluated code get?
I haven’t used Klipse, but I’m assuming it’s somewhat like JSFiddle, where you’re trying to demonstrate some web technique to other people. So the snippets you’re executing are supposed to get access to the DOM. SES doesn’t give any access by default: it’s a very “pure” environment (it doesn’t even have console.log() right now, but we’re trying to fix that). The SES demo page shows how you can provide safe access to specific functions from the untrusted code, and you can use that as a building block to expose more complex resources.
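As an added illustration (not code from the SES demo page or the original post), here is a minimal page that gives untrusted code exactly one capability, a text-only log function. It assumes ses-shim.js has been copied next to the page; the names appendLine, makeLog and log and the sample snippet are made up for this example.

```html
<!doctype html>
<meta charset="utf-8">
<!-- Added example. Assumption: ses-shim.js sits in the same directory. -->
<script src="ses-shim.js"></script>
<pre id="out"></pre>
<script>
  'use strict';

  // Constructed sample of untrusted code. It can reach only what is endowed.
  const untrusted = `
    log('typeof document: ' + typeof document);
    log('2 + 3 = ' + (2 + 3));
  `;

  const realm = SES.makeSESRootRealm();

  // Host-side capability: append one line of text to the <pre>.
  // Uses textContent, so nothing the snippet passes is parsed as HTML.
  function appendLine(text) {
    document.getElementById('out').textContent += text + '\n';
  }

  // Build the wrapper inside the realm, so the function handed to the
  // untrusted code is a realm object and not a host-realm function whose
  // prototype chain leads back to the page. The wrapper coerces its
  // argument to a string and returns nothing, so no host object crosses
  // the boundary in either direction.
  const makeLog = realm.evaluate(`(function (sink) {
    return Object.freeze((msg) => { sink(String(msg)); });
  })`);
  const log = makeLog(appendLine);

  try {
    // The second argument lists the names visible to the evaluated code.
    realm.evaluate(untrusted, { log });
  } catch (err) {
    // Do not stringify or inspect the thrown value; just record the failure.
    appendLine('untrusted code threw an exception');
  }
</script>
```

Each further capability would be added the same way: one narrow function, wrapped inside the realm, taking and returning only primitive values.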
If you’re trying to protect the Medium/dev.to domain from the untrusted code, then you can’t afford to expose DOM access (because it could use that to steal the Medium.com login cookie/etc). However, depending upon your use case, you might exactly want to expose some kind of DOM to the code. As MarkM pointed out, this sort of virtualized DOM is the job of Domato (in the Caja repo), which is not yet built into SES (and is a ways off, I think).
hope that helps,