Anti-pollution in ES5 by static verification (was: Addition of a global namespace function?)

Erik Corry erik.corry at gmail.com
Fri Dec 4 11:06:58 PST 2009


2009/12/4 Mark Miller <erights at gmail.com>:
> On Fri, Dec 4, 2009 at 9:52 AM, Mark Miller <erights at gmail.com> wrote:
>>>
>>> Given that primordials (other than the global object) are transitively
>>> frozen and that the above whitelist was adequately restrictive, each
>>> call of a closed function is fully isolated -- its connectivity to the
>>> world outside itself is fully under control of its caller. If the
>>> module-function's caller denies access to the global object, the
>>> indirect eval function, and to the Function constructor, then the
>>> module cannot pollute non-local state.
>
> Note that Function.prototype.constructor should either not be on the
> whitelist (and should thereby be deleted), or it should be reassigned
> to something safe during the initial clean-or-die phase. Otherwise
> "(function(){}).constructor" would give access to the Function
> constructor, allowing global pollution after all.
>
> I cannot currently find in the ES5 spec whether a conforming
> implementation may/must allow Function.prototype.constructor to be
> deleted or reassigned. Where in the spec is this dealt with?

I think you have to allow all such properties to be deleted unless
they have DontDelete.

Luckily it's not one of the magic undeletable properties in JSC and
V8: https://bugs.webkit.org/show_bug.cgi?id=25527 (ignore misleading
bug title).

-- 
Erik Corry

