search

nuprl / Stopify

A JS-to-JS compiler that makes it easier to build Web IDEs and compile to JS.
https://zenodo.org/records/10408254
BSD 3-Clause "New" or "Revised" License
172 stars 12 forks source link

Integrate Stopify with Klipse #382

Open viebel opened 6 years ago

viebel commented 6 years ago

As you guys suggested here, I'd be happy to integrate Stopify with Klipse.

Your help would me much appreciated.

  1. What compiler options should we use in order to prevent the code from frezing the browser?
  2. What compiler options should we use in order to make the code stoppable by the user?
  3. Is there a way to prevent from the code to do any malicious actions like stealing cookies etc...?
rachitnigam commented 6 years ago

Thanks for reaching out! We’d be happy to help you integrate klipse and Stopify.

To answer your questions:

  1. The default settings for the Stopify compiler and runtime make sure that the code does not freeze the web page.

  2. When compiling with Stopify, you get access to an interface called AsyncRun (documentation details below) that allows you to implement stopping, pausing, breakpointing etc.

  3. Just to clarify, does klipse already have some way to mitigate this?

While Stopify has quite a few options, to tweak, default options work fine most of the time. The best way to get started would be to take a look at the docs here: https://stopify.readthedocs.io/en/latest/ and particularly going through the examples here: https://stopify.readthedocs.io/en/latest/illustrative_examples.html AsyncRun documentation here: https://stopify.readthedocs.io/en/latest/runtime.html

Just for reference, the code for stopify.org lives here: https://github.com/plasma-umass/stopify.org

Once you have a sense of the interface, please feel free to update the comment thread and I’d be happy to work more directly with you in integrating klipse and Stopify.

Also, if you have any questions, ping us here and we’ll be able to answer you.

cc @baxtersa @arjunguha

arjunguha commented 6 years ago

Hi @viebel, thanks for your interest in Stopify. About malicious code, Stopify has a runtime setting that controls the set of "external" symbols:

https://stopify.readthedocs.io/en/latest/compiler.html#external-symbols-externals

If you don't put things like window and document in the list of externals, you will go a long way toward thwarting malicious code. I won't say that Stopify guarantees isolation---it wasn't designed to do that, but it is something that could be built up.

rachitnigam commented 6 years ago

Started work here: https://github.com/viebel/klipse/pull/314