naugtur 3 days ago

It's within the same process and realm (window).
It has a cost, but it's nothing compared to putting every dependency of a large app in a separate iframe/process and figuring out a way for them to communicate.

cluckindan 3 days ago

Have you tried to find ways to break it? Plenty of objects in the browser API contain references to things that could be used to defeat the compartmentalization. If one were to enumerate all properties on window and document, how many would be objects with a reference back to window, document or some API not on the allowed list?

cowbertvonmoo 3 days ago

I maintain ses, the compartment primitive LavaMoat relies on. The ses shim for hardenedjs.org creates compartments that deny guest code the ability to inspect the true global object or lexically reference any of its properties. By default, each compartment only sees the transitively frozen intrinsics like Array and Object, and no way to reach the genuine evaluators. The compartment traps the module loader as well, so you can only import modules that are explicitly injected. That leaves a lot of room for the platform to make mistakes and endow the compartment with gadgets, but also gives us a place to stand to mount a defense that is not otherwise prohibitively expensive.
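
An added example, not part of the thread and not code from ses or LavaMoat: one way a host could audit the objects it plans to endow a compartment with, by walking everything reachable from them and reporting the first path that leads back to an object that must stay outside. `auditEndowments`, `fakeWindow` and `FakeDocument` are hypothetical names, and the window and document here are constructed stand-ins so the block runs in Node without a browser.

```javascript
// Added example; all names are hypothetical and the sample objects are constructed.
// Walks everything reachable from the endowments (own and inherited properties,
// getters included) and returns the shortest path to each forbidden object.
function auditEndowments(endowments, forbidden) {
  const deny = new Set(forbidden);
  const seen = new Set();
  const found = new Map(); // forbidden object -> first (shortest) path reaching it
  const queue = Object.entries(endowments); // FIFO queue gives breadth-first order
  while (queue.length > 0) {
    const [path, value] = queue.shift();
    const t = typeof value;
    if (value === null || (t !== 'object' && t !== 'function')) continue;
    if (deny.has(value)) {
      if (!found.has(value)) found.set(value, path);
      continue;
    }
    if (seen.has(value)) continue;
    seen.add(value);
    // Collect keys along the prototype chain so accessors defined on a
    // prototype (the usual shape of DOM properties) are read on the instance.
    const keys = new Set();
    for (let o = value; o !== null; o = Object.getPrototypeOf(o)) {
      for (const k of Reflect.ownKeys(o)) keys.add(k);
    }
    for (const key of keys) {
      let child;
      try {
        child = Reflect.get(value, key); // runs getters: audit trusted objects only
      } catch {
        continue; // some accessors throw, e.g. 'caller' on strict functions
      }
      queue.push([`${path}.${String(key)}`, child]);
    }
  }
  return [...found.values()];
}

// Constructed stand-ins for window and document.
const fakeWindow = {};
class FakeDocument {
  get defaultView() { return fakeWindow; } // back-reference hidden behind a getter
}
fakeWindow.document = new FakeDocument();

const risky = { console: { log() {} }, node: { ownerDocument: fakeWindow.document } };
const minimal = { console: { log() {} } };
console.log(auditEndowments(risky, [fakeWindow]));
console.log(auditEndowments(minimal, [fakeWindow]));
```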