Anti-pollution in ES5 by static verification (was: Addition of a global namespace function?)

Mark Miller erights at gmail.com
Fri Dec 4 10:10:24 PST 2009


On Fri, Dec 4, 2009 at 9:52 AM, Mark Miller <erights at gmail.com> wrote:
>>
>> Given that primordials (other than the global object) are transitively
>> frozen and that the above whitelist was adequately restrictive, each
>> call of a closed function is fully isolated -- its connectivity to the
>> world outside itself is fully under control of its caller. If the
>> module-function's caller denies access to the global object, the
>> indirect eval function, and to the Function constructor, then the
>> module cannot pollute non-local state.

Note that Function.prototype.constructor should either not be on the
whitelist (and should thereby be deleted), or it should be reassigned
to something safe during the initial clean-or-die phase. Otherwise
"(function(){}).constructor" would give access to the Function
constructor, allowing global pollution after all.

I cannot currently find in the ES5 spec whether a conforming
implementation may/must allow Function.prototype.constructor to be
deleted or reassigned. Where in the spec is this dealt with?

-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
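
Added example (not part of the original message, and not code from the author or from any ES5 implementation): a Node.js check of the case raised above. It shows what "(function(){}).constructor" yields in a fresh realm before and after the clean-up step, for both the delete and the reassign option. MODE, probeRealm and the "polluted" marker are names made up for this example.

```javascript
// Added example: each run uses a throwaway realm from Node's vm module, so the
// host's own Function.prototype is never touched.
const vm = require('vm');

// Init code run inside the fresh realm before any untrusted module would load.
// MODE is a hypothetical switch for this demo: 'none', 'delete' or 'reassign'.
const INIT_AND_PROBE = `
  var F = Function, r = {};
  var d = Object.getOwnPropertyDescriptor(F.prototype, 'constructor');
  r.writable = d.writable;
  r.configurable = d.configurable;
  if (MODE === 'delete') {
    delete F.prototype.constructor;
  } else if (MODE === 'reassign') {
    Object.defineProperty(F.prototype, 'constructor', {
      value: function () { throw new TypeError('Function constructor disabled'); },
      writable: false, enumerable: false, configurable: false
    });
  }
  // The expression from the mail, evaluated after the clean-up step.
  var c = (function () {}).constructor;
  r.reachesFunction = c === F;
  r.resolvesTo = c === F ? 'Function' : c === Object ? 'Object' : 'stub';
  // Pollution attempt through whatever the expression now yields.
  try { c('return this')().polluted = true; } catch (e) { r.error = e.name; }
  JSON.stringify(r);
`;

function probeRealm(mode) {
  const sandbox = { MODE: mode };
  vm.createContext(sandbox);
  const report = JSON.parse(vm.runInContext(INIT_AND_PROBE, sandbox));
  // A write to the realm's global object shows up on the sandbox object.
  report.polluted = Object.prototype.hasOwnProperty.call(sandbox, 'polluted');
  return report;
}

for (const mode of ['none', 'delete', 'reassign']) {
  console.log(mode, probeRealm(mode));
}
```

After deletion the lookup falls through to Object.prototype.constructor, so the expression yields Object rather than Function. In engines newer than ES5, generator and async functions reach their own constructors through the same expression, so those prototypes need the same treatment.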

