Comments (3)

caridy avatar caridy commented on July 24, 2024

@Jack-Works I believe what you're asking here is a use case solved by https://github.com/caridy/secure-javascript-environment, which is an abstraction on top of realms-shim. In its examples there are two explicit examples showcasing how expandos are handled, and how to polyfill (change the protochain of a provided DOM API) without affecting the outer realm.

Now, the ambiguity of your example comes from the first line (HTMLElement.prototype.a = 1), which is executed in the outer realm. There are 3 main things to keep in mind/discuss:

  • the outer realm should be prepared (usually referred to as polyfilling the outer realm), in case it is broken from the realms-shim point of view.
  • how do you know that HTMLElement.prototype.a = 1 is not part of that preparation?
  • usually, the outer realm is protected, and mutations on it should be safe if all untrusted code is executed inside a sandbox.

from realms-shim.

Jack-Works avatar Jack-Works commented on July 24, 2024

In our use case, the outer realm is untrusted and code run in the sandbox is trusted. We need it to run in the sandbox to avoid secret information leaking out to the dangerous outer realm.
We're loading our WebExtension polyfill by WKWebkit and we can ensure we can run our code before any other dangerous code runs. So when we're preparing the execution environment of the WebExtension, the globalThis is clean, not modified by anyone.

Jack-Works avatar Jack-Works commented on July 24, 2024

So the execution order of our code is:

-> Webview onCommitted. The JS environment is just created. No code has run.
-> Inject WebExtension polyfill, prepare the environment. At this point, the JS environment is clean. The WebExtension polyfill will copy everything on the globalThis for future use.
-> Webpage loaded, runs its own code. JS environment is polluted. (HTMLElement.prototype.a = 1)
-> Code now loaded in the WebExtension, with the clean environment preserved in step 1. (HTMLElement.prototype.b = 2)
-> Now both outside code and inside code are ready.

Expected: outside code cannot access HTMLElement.prototype.b because it's secret info.
Expected: inside code cannot access HTMLElement.prototype.a because it may be dangerous.
