Automatically exported from code.google.com/p/es-lab
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
doc
site
src
tests
third_party
JsonMLASTFormat.md
Makefile
ProjectHome.md
README.md
SafeMashups.md
SecureEcmaScript.md
SecureableES5.md
Talks.md
Traits.md
load-ometa.js
run-parser-tests.js

README.md

ES-lab: experiments with proposed extensions to JavaScript

Ecmascript 5, proxies and traits are discussed in these talks.

Script Compartments

These abstractions compose well. For example, in an SES frame as initialized by initSES.js

    var compartment1 = makeMembrane(cajaVM.eval);
    var eval1 = compartment1.wrapper;
    var gate1 = compartment1.gate;
    var badCode = //... obtain potentially malicious code from somewhere ...
    var result = eval1(badCode);
    //... use result ...
    gate1.revoke();
    //... contents of compartment gone and collectible ...

A membrane around an SES eval creates a compartment in which one can run potentially malicious code, confident that the resulting potentially malicious objects can interact with the world outside this compartment only as permitted by the objects you provide them. Once the compartment is revoked, not only is all their connectivity severed, it is severed in ways the garbage collector can recognize. Given a good enough collector, these hostile objects cannot even continue to occupy your memory.

On browsers supporting SES and the Uniform Messaging Policy, we can mashup code from multiple origins without the usual vulnerabilities.

News

SES announcement on es-discuss