Lecture series on SES and capability-based security by Mark Miller
Axel Rauschmayer
axel at rauschma.de
Fri Nov 4 10:37:43 PDT 2011
> function Bob(t) {
> var stolenArray;
> var hackedPush = function() {
> stolenArray = this;
> };
> t.store("push", hackedPush);
> t.add(0);
> console.log(stolenArray);
> }
> Bob(makeTable());
As an aside: This problem would go away if we really did distinguish between accessing a property and accessing a collection element. Then the former would be done via Object.* methods, while the latter would be done via square brackets.
--
Dr. Axel Rauschmayer
axel at rauschma.de
home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111104/44fa3c72/attachment.html>
More information about the es-discuss
mailing list