Anti-pollution in ES5 by static verification (was: Addition of a global namespace function?)

Mark Miller erights at
Fri Dec 4 10:10:24 PST 2009

On Fri, Dec 4, 2009 at 9:52 AM, Mark Miller <erights at> wrote:
>> Given that primordials (other than the global object) are transitively
>> frozen and that the above whitelist was adequately restrictive, each
>> call of a closed function is fully isolated -- its connectivity to the
>> world outside itself is fully under control of its caller. If the
>> module-function's caller denies access to the global object, the
>> indirect eval function, and to the Function constructor, then the
>> module cannot pollute non-local state.

Note that Function.prototype.constructor should either not be on the
whitelist (and should thereby be deleted), or it should be reassigned
to something safe during the initial clean-or-die phase. Otherwise
"(function(){}).constructor" would give access to the Function
constructor, allowing global pollution after all.

I cannot currently find in the ES5 spec whether a conforming
implementation may/must allow Function.prototype.constructor to be
deleted or reassigned. Where in the spec is this dealt with?

Text by me above is hereby placed in the public domain
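
The concern raised in this message, as an added example that is not part of the original post: a clean-or-die step for `Function.prototype.constructor` that deletes or reassigns the property, verifies the result, and shows what `(function(){}).constructor` resolves to afterwards. The names `reachFunctionCtor`, `cleanOrDie` and `demo` are hypothetical, and the behaviour reported is that of the engine running the code, not a statement of what the ES5 spec requires.

```javascript
// Added illustration. reachFunctionCtor, cleanOrDie and demo are hypothetical names.

// A closed function needs no free variables to do this: any function
// literal inherits "constructor" from Function.prototype.
function reachFunctionCtor() {
  return (function () {}).constructor;
}

// Clean-or-die for this one property: delete it, else reassign it to
// something inert, then verify. Throws ("die") if neither is possible.
function cleanOrDie(proto) {
  const desc = Object.getOwnPropertyDescriptor(proto, 'constructor');
  let action = 'absent';
  if (desc !== undefined) {
    if (desc.configurable) {
      delete proto.constructor;
      action = 'deleted';
    } else if (desc.writable) {
      proto.constructor = undefined;
      action = 'reassigned';
    } else {
      throw new Error('die: constructor can be neither deleted nor reassigned');
    }
  }
  // Verify the result instead of trusting the operation.
  const left = Object.getOwnPropertyDescriptor(proto, 'constructor');
  if (left !== undefined && left.value !== undefined) {
    throw new Error('die: constructor still present after cleaning');
  }
  return action;
}

// Runs the check against the real Function.prototype, then restores the
// original descriptor so the host process is left unchanged.
function demo() {
  const proto = Function.prototype;
  const saved = Object.getOwnPropertyDescriptor(proto, 'constructor');
  const before = reachFunctionCtor() === Function;
  try {
    const action = cleanOrDie(proto);
    const reached = reachFunctionCtor();
    // After deletion the lookup falls through to Object.prototype.constructor.
    return { before, action, reachedFunction: reached === Function, reachedObject: reached === Object };
  } finally {
    Object.defineProperty(proto, 'constructor', saved);
  }
}

console.log(demo());
```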

