david-sarah at jacaranda.org
Mon Jan 11 20:11:44 PST 2010
Kevin Curtis wrote:
> So, FF3.5 has resurrected the sandboxed eval with the second 'global' object
> parameter - as the closure peeking issue has been fixed. (The second param
> is a live object rather than a string). And thus if the second param object
> is frozen (and the primordials and their prototypes etc frozen) FF3.5 eval
> could act as a restricted eval.
FF3.5 eval is undocumented, but if I'm reverse-engineering the source code
correctly, it still violates encapsulation.
A restricted eval should be specified from scratch, not based on what a
poorly thought-out vendor extension happens to do.
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 292 bytes
Desc: OpenPGP digital signature
More information about the es-discuss