Message from discussion
Compiling JS for Safe vm.runInNewContext()
Date: Wed, 11 Jul 2012 12:05:07 -0700
Subject: Re: [nodejs] Compiling JS for Safe vm.runInNewContext()
From: "Mark S. Miller" <erig...@google.com>
To: nodejs@googlegroups.com,
Google Caja Discuss <google-caja-discuss@googlegroups.com>
[+google-caja-discuss]
On Wed, Jul 11, 2012 at 11:24 AM, Kevin O <kevinohar...@gmail.com> wrote:
> Thanks for the suggestion. Caja does seem like it's pretty robust but
> maybe more than I need. Plus, I would have to call out to a service every
> time I compile or re-implement the whole thing in node to use it. Neither
> is really an option, unfortunately.
>
> On Wednesday, 11 July 2012 13:17:23 UTC-4, Marcel wrote:
>>
>> Look at Google Caja, this does exactly what you describe. It's a very
>> complicated problem.
>
>
Caja as a whole secures JS, html, css, and the browser/dom API. On Node,
the only relevant component is the securing of JS.

Caja has two ways to secure JS.

* For pre-ES5 systems, Caja uses a server-side translator to translate
from the secure subset of ES5 to ES3. This is the "very complicated" that
Marcel refers to.

* For ES5 compliant systems, Caja uses a simple client-side
translation-free system, the SES (Secure EcmaScript) library[1], to enforce
that further code that is evaled in that context is limited to the
object-capability subset of ES5.

[1] http://es-lab.googlecode.com/svn/trunk/src/ses/initSES-minified.js
sources at http://code.google.com/p/es-lab/source/browse/trunk/src/ses/
and
http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/
--
Cheers,
--MarkM
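
As an added illustration (not part of the original message, and not Caja's or SES's code), the sketch below shows one ingredient of confining evaled code to an object-capability subset in a Node `vm` context: freezing the context's built-in objects so that code evaled there later cannot alter state it shares with other code. `ROOTS`, `FREEZER`, `newContext`, `runGuest` and `demo` are names made up for this example, and the list of roots is constructed rather than taken from SES.

```javascript
'use strict';
const vm = require('vm');

// Constructed list of ES5 intrinsics to start from (not SES's own whitelist).
const ROOTS = ['Object', 'Function', 'Array', 'String', 'Number', 'Boolean',
  'Date', 'RegExp', 'Error', 'TypeError', 'RangeError', 'JSON', 'Math'];

// Evaluated inside the new context: freezes everything reachable from ROOTS via
// own properties, accessor functions and prototypes, without invoking getters.
const FREEZER = `(function (roots, global) {
  'use strict';
  var seen = new Set();
  function walk(v) {
    if (v === null || (typeof v !== 'object' && typeof v !== 'function')) return;
    if (v === global || seen.has(v)) return;
    seen.add(v);
    Reflect.ownKeys(v).forEach(function (key) {
      var d = Object.getOwnPropertyDescriptor(v, key);
      walk(d.value); walk(d.get); walk(d.set);
    });
    walk(Object.getPrototypeOf(v));
    Object.freeze(v);
  }
  roots.forEach(function (name) { walk(global[name]); });
  return seen.size;
})`;

function newContext(freeze) {
  const context = vm.createContext({}); // no endowments: guests get builtins only
  if (freeze) vm.runInContext(`${FREEZER}(${JSON.stringify(ROOTS)}, this)`, context);
  return context;
}

// Runs guest source as strict code; returns its primitive result or the error name.
function runGuest(context, source) {
  try {
    return { ok: true, value: vm.runInContext(`'use strict';\n${source}`, context) };
  } catch (e) {
    return { ok: false, error: e.name }; // guest-realm error: instanceof would fail
  }
}

// Two guests share one context: A tries to replace a builtin that B relies on.
function demo(freeze) {
  const context = newContext(freeze);
  return {
    guestA: runGuest(context, "Array.prototype.push = function () { return 'hijacked'; }; 'patched'"),
    guestB: runGuest(context, '[1, 2].push(3)'),
    ambient: runGuest(context, "typeof require + ',' + typeof process"),
  };
}

console.log(JSON.stringify({ plain: demo(false), frozen: demo(true) }, null, 2));
```

In the unfrozen context guest B observes guest A's replacement of `push`; in the frozen one guest A's assignment throws a `TypeError` and guest B gets the normal result.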