rekmarks
commented
2 years ago For reference, the ses version update was completed succesfully here: https://github.com/MetaMask/snaps-skunkworks/pull/159
Closed rekmarks closed 2 years ago
rekmarks
commented
2 years ago For reference, the ses version update was completed succesfully here: https://github.com/MetaMask/snaps-skunkworks/pull/159
The SES lockdown logic for the iframe execution environment should be updated to match the extension. This should be accomplished by prepending a
scripttag comprised of this followed by this toindex.html. If either step fails, the iframe should ideally blow up, or at the very least prevent further code from executing. If we can't find an elegant solution, entering into an infinite loop in the catch block is preferable to the rest of the EE code executing.As part of this change, we should also update the ses package to the latest version. Note that we should use the file
node_modules/ses/dist/lockdown.min.umd.jsdirectly and not attempt to importsesin our own code.