Lecture series on SES and capability-based security by Mark Miller

Axel Rauschmayer axel at rauschma.de
Fri Nov 4 10:33:00 PDT 2011


[edited and sent to es-discuss, just in case]

>    function makeTable() {
>      var array = [];
>      return Object.freeze({
>        add: function(v) { array.push(v); },
>        store: function(i, v) { array[i] = v; },
>        get: function(i) { return array[i]; }
>      });
>    }
> 
> [...] Given just a table instance, can Bob nevertheless obtain direct access to the underlying array?

How about:

    function Bob(t) {
       var stolenArray;
       var hackedPush = function() {
           stolenArray = this;
       };
       t.store("push", hackedPush);
       t.add(0);
       console.log(stolenArray);
    }
    Bob(makeTable());

-- 
Dr. Axel Rauschmayer
axel at rauschma.de

home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com





More information about the es-discuss mailing list