Anti-pollution in ES5 by static verification (was: Addition of a global namespace function?)

David-Sarah Hopwood david-sarah at jacaranda.org
Fri Dec 4 18:23:33 PST 2009


Mark Miller wrote:
> On Fri, Dec 4, 2009 at 9:52 AM, Mark Miller <erights at gmail.com> wrote:
>>> Given that primordials (other than the global object) are transitively
>>> frozen and that the above whitelist was adequately restrictive, each
>>> call of a closed function is fully isolated -- its connectivity to the
>>> world outside itself is fully under control of its caller. If the
>>> module-function's caller denies access to the global object, the
>>> indirect eval function, and to the Function constructor, then the
>>> module cannot pollute non-local state.
> 
> Note that Function.prototype.constructor should either not be on the
> whitelist (and should thereby be deleted), or it should be reassigned
> to something safe during the initial clean-or-die phase. Otherwise
> "(function(){}).constructor" would give access to the Function
> constructor, allowing global pollution after all.
> 
> I cannot currently find in the ES5 spec whether a conforming
> implementation may/must allow Function.prototype.constructor to be
> deleted or reassigned.

It must.

> Where in the spec is this dealt with?

Section 15,

# In every case, the length property of a built-in Function object
# described in this clause has the attributes [blah]. Every other
# property described in this clause has the attributes
# { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
# unless otherwise specified.

(was just looking it up :-)

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20091205/33315c91/attachment.bin>


More information about the es-discuss mailing list