Lecture series on SES and capability-based security by Mark Miller
Axel Rauschmayer
axel at rauschma.de
Fri Nov 4 10:33:00 PDT 2011
[edited and sent to es-discuss, just in case]
> function makeTable() {
> var array = [];
> return Object.freeze({
> add: function(v) { array.push(v); },
> store: function(i, v) { array[i] = v; },
> get: function(i) { return array[i]; }
> });
> }
>
> [...] Given just a table instance, can Bob nevertheless obtain direct access to the underlying array?
How about:
function Bob(t) {
var stolenArray;
var hackedPush = function() {
stolenArray = this;
};
t.store("push", hackedPush);
t.add(0);
console.log(stolenArray);
}
Bob(makeTable());
--
Dr. Axel Rauschmayer
axel at rauschma.de
home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com
More information about the es-discuss
mailing list