nuprl/Stopify

Integrate Stopify with Klipse

Opened this issue · 3 comments

viebel commented

As you guys suggested here, I'd be happy to integrate Stopify with Klipse.

Your help would me much appreciated.

  1. What compiler options should we use in order to prevent the code from frezing the browser?
  2. What compiler options should we use in order to make the code stoppable by the user?
  3. Is there a way to prevent from the code to do any malicious actions like stealing cookies etc...?
rachitnigam commented

Thanks for reaching out! We’d be happy to help you integrate klipse and Stopify.

To answer your questions:

  1. The default settings for the Stopify compiler and runtime make sure that the code does not freeze the web page.

  2. When compiling with Stopify, you get access to an interface called AsyncRun (documentation details below) that allows you to implement stopping, pausing, breakpointing etc.

  3. Just to clarify, does klipse already have some way to mitigate this?

While Stopify has quite a few options, to tweak, default options work fine most of the time. The best way to get started would be to take a look at the docs here: https://stopify.readthedocs.io/en/latest/
and particularly going through the examples here: https://stopify.readthedocs.io/en/latest/illustrative_examples.html
AsyncRun documentation here:
https://stopify.readthedocs.io/en/latest/runtime.html

Just for reference, the code for stopify.org lives here:
https://github.com/plasma-umass/stopify.org

Once you have a sense of the interface, please feel free to update the comment thread and I’d be happy to work more directly with you in integrating klipse and Stopify.

Also, if you have any questions, ping us here and we’ll be able to answer you.

cc @baxtersa @arjunguha

arjunguha commented

Hi @viebel, thanks for your interest in Stopify. About malicious code, Stopify has a runtime setting that controls the set of "external" symbols:

https://stopify.readthedocs.io/en/latest/compiler.html#external-symbols-externals

If you don't put things like window and document in the list of externals, you will go a long way toward thwarting malicious code. I won't say that Stopify guarantees isolation---it wasn't designed to do that, but it is something that could be built up.

rachitnigam commented

Started work here: viebel/klipse#314