Proposed change to typeof (was: Draft of Function.prototype.bind)

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Tue Nov 4 12:11:03 PST 2008


Mark S. Miller wrote:
> For Cajita, the only issue is RegExps. Host objects are such a disaster of
> unspecified vagueness and random browser behavior that we never expose host
> objects directly to cajoled code. Rather, we intermediate all access to host
> objects through our taming layer. Other secure JS variants -- ADsafe, FBJS,
> Jacaranda, MS WebSandbox, dojox.secure -- do likewise.
> 
> Within Cajita, RegExps are non-callable and are not functions, irrespective
> of the underlying JS's behavior. Therefore, within Cajita, |typeof F ===
> 'function'| iff the [[Class]] property of F is "Function". In Cajita,
> therefore, there is no difference between "being callable" and "being a
> function".
> 
> Because Rhino and WebKit say that typeof a RegExp is 'function', we need to
> translate all Cajita typeof operations. Because Valija -- the full
> ES3.1-strict emulation layer built on Cajita -- uses typeof in performance
> critical places, this translation turned out to be costly.
> 
> **********
> I suggest that, for non-host objects, we change the ES3.1 spec so that
> |typeof F === 'function'| iff the [[Class]] property of F is "Function". For
> host objects, the spec would continue to allow them to return whatever the
> func they want ;). This proposed change is acceptable to all participants on
> this morning's ES3.1 call, pending your reactions on these lists.
> **********

I object. The Jacaranda runtime depends on being able to distinguish
callable from noncallable objects. With this change, it has no reliable
way to do so. (For the specific case of RegExp objects, there is no
direct security problem because they do not use the value of 'this'
when called. However, the proposed change in the spec would allow other
native objects to be undetectably callable.)

The correct fix is to make RegExp objects noncallable. This matches IE
and Opera's behaviour and so will not "break the web".

-- 
David-Sarah Hopwood
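
The typeof translation described in the quoted message, sketched as an added example; it is not part of either message and is not Cajita or Jacaranda code. `classOf`, `makeTamedTypeof`, `legacyTypeof` and `demo` are hypothetical names, and `legacyTypeof` is a constructed stand-in for the Rhino/WebKit answer for RegExps mentioned above.

```javascript
// Added illustration: hypothetical names, not Cajita or Jacaranda source.

// ES3 exposes [[Class]] only through Object.prototype.toString.
// Capture it once so later changes to the global cannot redirect the check.
const objToString = Object.prototype.toString;
function classOf(x) {
  return objToString.call(x).slice(8, -1); // "[object RegExp]" -> "RegExp"
}

// Build a translated typeof over a given raw typeof. rawTypeof is injected so
// the engine behaviour from the thread can be simulated on a modern engine.
function makeTamedTypeof(rawTypeof) {
  return function tamedTypeof(x) {
    const t = rawTypeof(x);
    if (t !== 'function' && t !== 'object') return t; // primitives, undefined
    if (x === null) return 'object';
    // The rule from the message: 'function' iff [[Class]] is "Function".
    return classOf(x) === 'Function' ? 'function' : 'object';
  };
}

const nativeTypeof = (x) => typeof x;
// Constructed stand-in for an engine whose typeof reports RegExps as functions.
const legacyTypeof = (x) => (x instanceof RegExp ? 'function' : typeof x);

// Compare the raw and translated answers over constructed sample values.
function demo() {
  const samples = [/a+/, function f() {}, {}, null, 'str', 42, undefined];
  const tamedLegacy = makeTamedTypeof(legacyTypeof);
  const tamedNative = makeTamedTypeof(nativeTypeof);
  return samples.map((v) => ({
    legacy: legacyTypeof(v),
    tamedOnLegacy: tamedLegacy(v),
    tamedOnNative: tamedNative(v),
  }));
}

console.log(demo());
```

The translated operator answers from [[Class]] alone, so any callable object whose class is not "Function" reports 'object', which is the detection gap the reply objects to. On current engines `Symbol.toStringTag` can change what `Object.prototype.toString` returns, so `classOf` is not a reliable brand check there.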

