Anti-pollution in ES5 by static verification (was: Addition of a global namespace function?)

Erik Corry erik.corry at
Fri Dec 4 11:06:58 PST 2009

2009/12/4 Mark Miller <erights at>:
> On Fri, Dec 4, 2009 at 9:52 AM, Mark Miller <erights at> wrote:
>>> Given that primordials (other than the global object) are transitively
>>> frozen and that the above whitelist was adequately restrictive, each
>>> call of a closed function is fully isolated -- its connectivity to the
>>> world outside itself is fully under control of its caller. If the
>>> module-function's caller denies access to the global object, the
>>> indirect eval function, and to the Function constructor, then the
>>> module cannot pollute non-local state.
> Note that Function.prototype.constructor should either not be on the
> whitelist (and should thereby be deleted), or it should be reassigned
> to something safe during the initial clean-or-die phase. Otherwise
> "(function(){}).constructor" would give access to the Function
> constructor, allowing global pollution after all.
> I cannot currently find in the ES5 spec whether a conforming
> implementation may/must allow Function.prototype.constructor to be
> deleted or reassigned. Where in the spec is this dealt with?

I think you have to allow all such properties to be deleted unless
they have DontDelete.

Luckily it's not one of the magic undeletable properties in JSC and
V8: (ignore misleading
bug title).

Erik Corry

More information about the es-discuss mailing list