[Caja] Language-Based Isolation of Untrusted JavaScript
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon May 11 15:14:05 PDT 2009
TobyMurray wrote:
> Hi caja folks,
>
> I expect you're all aware of this but I wanted to mention a paper I
> recently came across.
>
> There is some really interesting formal work being done on secure
> [subsets] of JavaScript. The paper whose title is the subject of this
> post is particularly relevant and is available at:
> http://www.doc.ic.ac.uk/~maffeis/csf09.pdf
I wasn't aware of this paper, thanks.
First a technical question. The paper says in Definition 2 that,
apart from numeric properties, the properties
toString, toNumber, valueOf, length, prototype,
constructor, message, arguments, Object, Array, RegExp
can be accessed implicitly. However no 'toNumber' property is
mentioned anywhere in the ECMAScript specs, and I don't know of
any implementation-specific property of that name. Have I missed
something, or is 'toNumber' a figment of the authors' imagination?
(This is unfortunately almost impossible to search for.)
--
David-Sarah Hopwood ⚥
More information about the es-discuss
mailing list