Lecture series on SES and capability-based security by Mark Miller
Allen Wirfs-Brock
allen at wirfs-brock.com
Fri Nov 4 09:25:52 PDT 2011
On Nov 4, 2011, at 8:50 AM, Juan Ignacio Dopazo wrote:
> On Thu, Nov 3, 2011 at 7:55 PM, Mark S. Miller <erights at google.com> wrote:
> function makeTable() {
> var array = [];
> return Object.freeze({
> add: function(v) { array.push(v); },
> store: function(i, v) { array[i] = v; },
> get: function(i) { return array[i]; }
> });
> }
>
> Given just a table instance, can Bob nevertheless obtain direct access to the underlying array?
>
> So Bob can cheat by extending Array.prototype, right?
MarkM said "all primordial built-in objects are transitively frozen" so Array.prototype is not extensible and Array.prototype.push is not writable...
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111104/3ea05e29/attachment.html>
More information about the es-discuss
mailing list