Lecture series on SES and capability-based security by Mark Miller

Allen Wirfs-Brock allen at wirfs-brock.com
Fri Nov 4 09:25:52 PDT 2011


On Nov 4, 2011, at 8:50 AM, Juan Ignacio Dopazo wrote:

> On Thu, Nov 3, 2011 at 7:55 PM, Mark S. Miller <erights at google.com> wrote:
>     function makeTable() {
>       var array = [];
>       return Object.freeze({
>         add: function(v) { array.push(v); },
>         store: function(i, v) { array[i] = v; },
>         get: function(i) { return array[i]; }
>       });
>     }
> 
>  Given just a table instance, can Bob nevertheless obtain direct access to the underlying array?
> 
> So Bob can cheat by extending Array.prototype, right?

MarkM said "all primordial built-in objects are transitively frozen" so Array.prototype is not extensible and Array.prototype.push is not writable...

Allen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111104/3ea05e29/attachment.html>


More information about the es-discuss mailing list