Which SES? How to use SES?


#1

At https://groups.google.com/forum/#!topic/google-caja-discuss/JVGCFZDqlC8 Mike Stay asks:

> It looks as though nothing has happened on drses/ses since 2013, and
> very little has happened on google/caja since 2014. Is SES only being
> developed under https://github.com/Agoric/SES now?
>
> It also looks as though the API for running SES has changed over the
> last year or so. It used to be that I would build initSES.js, include
> it (or the minified version) in a page, then invoke
>     cajaVM.compileExpr(untrustedSource)(virtualGlobal)
> when I wanted the result of running an untrusted expression.
>
> I don’t see initSES in the output of
>     npm run build
>
> Is it still generated? If not, what’s the new incantation to evaluate
> an expression in an SES environment?


#2

Oops. Mike’s subject line was “Status of other sources of SES?”


#3

> It looks as though nothing has happened on drses/ses since 2013, and
> very little has happened on google/caja since 2014. Is SES only being
> developed under https://github.com/Agoric/SES now?

Yes. Well, almost yes. Salesforce has a not-yet-publicly-visible repository that we’re participating in, with a single-realm implementation of SES, without a mechanism for creating new root realms. There are other differences too, but we are working together to reconcile them.

> It also looks as though the API for running SES has changed over the
> last year or so.

Yes, sorry, it has changed rather completely. It is a successor to the ideas but not an upgrade from original-SES. The new API is built on the Realms and Frozen Realms standards proposals. Nevertheless, since most of the old API was just the SES-constrained subset of JavaScript itself, I expect it will not be too painful to migrate old software.

> It used to be that I would build initSES.js, include
> it (or the minified version) in a page, then invoke
>     cajaVM.compileExpr(untrustedSource)(virtualGlobal)
> when I wanted the result of running an untrusted expression.

Because of constraints from JS engine implementors, we decided against passing in an object to serve as the global. Rather, a global is created when creating a realm — both a root-realm and a compartment. However, the simpler-to-use evaluator from original-SES is essentially unchanged in SES:

SES.confine(src, endowments)

This creates a new global lexical scope, copies the endowments onto that, and then evaluates the src string in that environment. See

where I re-gave to friam the Realms Shim Security Review talk that I did (unrecorded) for tc39.

Like original-SES, SES also has lower level evaluators for more flexibility, but these make different distinctions than original-SES.

> I don’t see initSES in the output of
>     npm run build
>
> Is it still generated? If not, what’s the new incantation to evaluate
> an expression in an SES environment?

See Brian’s answer at Using SES to protect Klipse

But please ask again if this isn’t clear. Thanks.