Lecture series on SES and capability-based security by Mark Miller
Juan Ignacio Dopazo
dopazo.juan at gmail.com
Fri Nov 4 08:50:50 PDT 2011
On Thu, Nov 3, 2011 at 7:55 PM, Mark S. Miller <erights at google.com> wrote:
>
> function makeTable() {
> var array = [];
> return Object.freeze({
> add: function(v) { array.push(v); },
> store: function(i, v) { array[i] = v; },
> get: function(i) { return array[i]; }
> });
> }
>
> Given just a table instance, can Bob nevertheless obtain direct access to
> the underlying array?
>
So Bob can cheat by extending Array.prototype, right?
Object.defineProperty(Array.prototype, 'self', {
get: function() {
return this;
}
});
console.log(table.get('self'));
That's why Douglas proposes using var array = Object.create(null), an
object without a prototype that can be extended.
Juan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111104/d382186a/attachment.html>
More information about the es-discuss
mailing list