Module isolation

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Jan 11 11:13:39 PST 2010


Mark S. Miller wrote:
> On Mon, Jan 11, 2010 at 3:03 AM, Kevin Curtis <kevinc1846 at googlemail.com>wrote:
> 
>> Re isolation, sandboxing - and modules.
>>
>> Is there is a case for the ability to 'configure and freeze' a global
>> object for sandboxing, SES and maybe modules. Indeed the 'restricted eval'
>> can be seen as more specific case of an eval which takes a 'configured and
>> frozen global' environment. With a frozen global all bindings should be able
>> to be resolved at the time eval is called. Effectively, restricted evaled
>> code will have 'const x = <object>' binding added to it's scope - where 'x'
>> is a property from the configured global object.
>>
>> N.B - if a restricted eval takes a second param as a string to configure
>> the 'global environment' for the evaled code then it would avoid the closure
>> peeking issue.
>
> What's the "closure peeking issue"?

<http://code.google.com/p/google-caja/wiki/EvalBreaksClosureEncapsulation>

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20100111/38197706/attachment-0001.bin>


More information about the es-discuss mailing list