- The core of a Secure ECMAScript (SES) runtime. Sources at caja. (Old sources at es-lab.)
- DirectProxies a wrapper library that implements the new Direct Proxy API on top of the older Harmony Proxies API. Tested in Firefox 8.
- Membranes to be built on ES-Harmony Proxies and WeakMaps.
- traits.js, a traits library for ES5 that is backwards-compatible with ES3 (original here).
- An OMeta-based parser for Ecmascript 5, written in Javascript, generating a JsonML-based JsonMLASTFormat AST.
Ecmascript 5, proxies and traits are discussed in these talks.
These abstractions compose well. For example, in an SES frame as initialized by initSES.js
var compartment1 = makeMembrane(cajaVM.eval);
var eval1 = compartment1.wrapper;
var gate1 = compartment1.gate;
var badCode = //... obtain potentially malicious code from somewhere ...
var result = eval1(badCode);
//... use result ...
gate1.revoke();
//... contents of compartment gone and collectible ...A membrane around an SES eval creates a compartment in which one can run potentially malicious code, confident that the resulting potentially malicious objects can interact with the world outside this compartment only as permitted by the objects you provide them. Once the compartment is revoked, not only is all their connectivity severed, it is severed in ways the garbage collector can recognize. Given a good enough collector, these hostile objects cannot even continue to occupy your memory.
On browsers supporting SES and the Uniform Messaging Policy, we can mashup code from multiple origins without the usual vulnerabilities.