Secure EcmaScript (SES)
Secure EcmaScript (SES) is a frozen environment for running EcmaScript
scope, and with the addition of a safe two-argument evaluator
SES.confine(code, endowments)). By freezing everything accessible from the
global scope, it removes programs abilities to interfere with each other, and
thus enables isolated evaluation of arbitrary code.
It runs atop an ES6-compliant platform, enabling safe interaction of mutually-suspicious code, using object-capability -style programming.
Derived from the Caja project, https://github.com/google/caja/wiki/SES.
Still under development: do not use for production systems yet, there are known security holes that need to be closed.
npm install ses
This example locks down the current realm, turning it into a starting
Within a compartment, there is a
Compartment constructor that conveys
"endownments" into the new compartment's global scope, and a
that that object and any object reachable from its surface.
The compartment can import modules and evaluate programs.
;;const c =print:;c;
The new compartment has a different global object than the start compartment. The global object is initially mutable. Locking down the start compartment hardened many of the intrinsics in global scope. After lockdown, no compartment can tamper with these intrinsics. Many of these intrinsics are identical in the new compartment.
const c = ;cglobal === global; // falsecglobalJSON === JSON; // true
The property holds among any other compartments. Each has a unique, initially mutable, global object. Many intrinsics are shared.
const c1 = ;const c2 = ;c1global === c2global; // falsec1globalJSON === c2globalJSON; // true
Please help us practice coordinated security bug disclosure, by using the instructions in SECURITY.md to report security-sensitive bugs privately.
For non-security bugs, please use the regular Issues page.