Status of other sources of SES?

36 views
Skip to first unread message

Mike Stay

unread,
Jan 8, 2019, 3:49:23 PM1/8/19
to Google Caja Discuss
It looks as though nothing has happened on drses/ses since 2013, and
very little has happened on google/caja since 2014. Is SES only being
developed under https://github.com/Agoric/SES now?

It also looks as though the API for running SES has changed over the
last year or so. It used to be that I would build initSES.js, include
it (or the minified version) in a page, then invoke
cajaVM.compileExpr(untrustedSource)(virtualGlobal)
when I wanted the result of running an untrusted expression.

I don't see initSES in the output of
npm run build

Is it still generated? If not, what's the new incantation to evaluate
an expression in an SES environment?
--
Mike Stay - meta...@gmail.com
http://math.ucr.edu/~mike
https://reperiendi.wordpress.com

Mark Miller

unread,
Jan 8, 2019, 9:52:05 PM1/8/19
to Google Caja Discuss
Hi Mike I repeated your question and answered at https://ocapjs.org/t/which-ses-how-to-use-ses/41/3

Can we discuss there? Thanks.





--

---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-caja-dis...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
  Cheers,
  --MarkM

Mike Stay

unread,
Jan 9, 2019, 10:37:46 AM1/9/19
to Google Caja Discuss
OK. What topics, if any, would you like to remain on this list?

Mark Miller

unread,
Jan 9, 2019, 1:36:49 PM1/9/19
to Google Caja Discuss
Anything specific to Google-Caja or to the original-SES within Google-Caja.

But if there are contrary preferences, please speak up. Thanks.

Mike Stay

unread,
Jan 9, 2019, 2:13:06 PM1/9/19
to Google Caja Discuss
Should anyone using original-SES switch to SES, or will security
patches be backported?

Mark Miller

unread,
Jan 9, 2019, 3:35:10 PM1/9/19
to Google Caja Discuss
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES.

I would anyone using original-SES should switch to SES, including Google. However, as mentioned, there are porting costs. That's the right place to put engineering effort, rather than backporting fixes to original-SES.

If anyone (including Google) would like help migrating from original-SES to SES, please let us know. Thanks.



Reply all
Reply to author
Forward
0 new messages