[Caja] Language-Based Isolation of Untrusted JavaScript

David-Sarah Hopwood david-sarah at jacaranda.org
Mon May 11 15:14:05 PDT 2009

TobyMurray wrote:
> Hi caja folks,
> I expect you're all aware of this but I wanted to mention a paper I
> recently came across.
> There is some really interesting formal work being done on secure
> [subsets] of JavaScript. The paper whose title is the subject of this
> post is particularly relevant and is available at:
> http://www.doc.ic.ac.uk/~maffeis/csf09.pdf

I wasn't aware of this paper, thanks.

First a technical question. The paper says in Definition 2 that,
apart from numeric properties, the properties

  toString, toNumber, valueOf, length, prototype,
  constructor, message, arguments, Object, Array, RegExp

can be accessed implicitly. However no 'toNumber' property is
mentioned anywhere in the ECMAScript specs, and I don't know of
any implementation-specific property of that name. Have I missed
something, or is 'toNumber' a figment of the authors' imagination?
(This is unfortunately almost impossible to search for.)

David-Sarah Hopwood ⚥

More information about the es-discuss mailing list