Lecture series on SES and capability-based security by Mark Miller
Axel Rauschmayer
axel at rauschma.de
Fri Nov 4 11:01:38 PDT 2011
But hackedPush is added to the instance, not Array.prototype.
On Nov 4, 2011, at 18:59 , Allen Wirfs-Brock wrote:
>
> On Nov 4, 2011, at 10:33 AM, Axel Rauschmayer wrote:
>
>> How about:
>>
>> function Bob(t) {
>> var stolenArray;
>> var hackedPush = function() {
>> stolenArray = this;
>> };
>> t.store("push", hackedPush);
>
>
> If Array.prototype has been frozen (as the problem statement implied) then the above line should throw.
>
>
> Allen
--
Dr. Axel Rauschmayer
axel at rauschma.de
home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111104/85f83e21/attachment.html>
More information about the es-discuss
mailing list