caller poison pills, revisited (Was: A few arrow function specification issues)

Brendan Eich brendan at mozilla.org
Mon Apr 23 11:42:25 PDT 2012


The threat (not sure how real) is not a string telling the backtrace, 
it's an object reference to an ancestor function in the call stack.

/be

Domenic Denicola wrote:
>> I'm becoming increasingly convinced that the poison pill approach to securing the caller chain is a poor approach.  We keep finding leaks in and it does nothing to prevent implementations from inventing new ways to expose the stating they are trying to hide. I now think we would be better off with a general, non-algorithmic restriction on conforming implementations that forbids them from exposing elements of the caller chain in the situations that the poison pills were intended to address.
>
> This sounds a bit drastic—wouldn't it preclude V8's Error.captureStackTrace?
>
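
The distinction drawn at the top of this message, that the exposure is a live function object rather than a textual backtrace, can be seen in a short script. This is an added example, not code from the thread; every function name in it is hypothetical, and the probes are built with the Function constructor so they are sloppy or strict regardless of how the file is loaded.

```javascript
// Added illustration; all names are hypothetical.
// Function-constructor bodies are sloppy unless they opt into strict mode.

// Sloppy probe: walks one frame up through the non-strict `caller` property.
const sloppyProbe = new Function("return arguments.callee.caller;");

// Strict probe: the same access hits the poison pill on arguments.callee.
const strictProbe = new Function("'use strict'; return arguments.callee.caller;");

// Two ancestors that simply call whatever probe they are handed.
const sloppyAncestor = new Function("probe", "return probe();");
const strictAncestor = new Function("probe", "'use strict'; return probe();");

// Classify what a probe learns about the ancestor that called it.
function observe(ancestor, probe) {
  try {
    const seen = ancestor(probe);
    // An object reference, not a string: the probe could now call the ancestor.
    if (seen === ancestor) return "leaked function reference";
    return seen === null ? "null" : "other";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other error";
  }
}

// Reading .caller directly on a function object from outside any call.
function readCallerOf(fn) {
  try {
    return String(fn.caller);
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other error";
  }
}

console.log("sloppy ancestor, sloppy probe:", observe(sloppyAncestor, sloppyProbe));
console.log("sloppy ancestor, strict probe:", observe(sloppyAncestor, strictProbe));
// The engine censors a strict ancestor (a TypeError under ES5's rules,
// null in current V8), so the sloppy probe does not obtain the reference.
console.log("strict ancestor, sloppy probe:", observe(strictAncestor, sloppyProbe));
console.log("strictAncestor.caller:", readCallerOf(strictAncestor));
```

Only the all-sloppy pairing hands the callee a reference to its ancestor; each pairing that involves strict code is stopped by a poison pill or by the engine's censoring.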

