Module isolation

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Jan 11 20:11:44 PST 2010


Kevin Curtis wrote:
> So, FF3.5 has resurrected the sandboxed eval with the second 'global' object
> parameter - as the closure peeking issue has been fixed. (The second param
> is a live object rather than a string). And thus if the second param object
> is frozen (and the primordials and their prototypes etc frozen) FF3.5 eval
> could act as a restricted eval.

FF3.5 eval is undocumented, but if I'm reverse-engineering the source code
patch (http://hg.mozilla.org/releases/mozilla-1.9.1/rev/67944d1b207d)
correctly, it still violates encapsulation.

A restricted eval should be specified from scratch, not based on what a
poorly thought-out vendor extension happens to do.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
