caller poison pills, revisited (Was: A few arrow function specification issues)
brendan at mozilla.org
Mon Apr 23 11:42:25 PDT 2012
The threat (not sure how real) is not a string telling the backtrace,
it's an object reference to an ancestor function in the call stack.
Domenic Denicola wrote:
>> I'm becoming increasingly convinced that the poison pill approach to securing the caller chain is a poor approach. We keep finding leaks in it and it does nothing to prevent implementations from inventing new ways to expose the state they are trying to hide. I now think we would be better off with a general, non-algorithmic restriction on conforming implementations that forbids them from exposing elements of the caller chain in the situations that the poison pills were intended to address.
> This sounds a bit drastic—wouldn't it preclude V8's Error.captureStackTrace?
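The distinction drawn in the message above, between a stack-trace string and an object reference to a function on the call stack, shown as an added example that is not part of the original message or thread. All function names are hypothetical, and the `null` result for a strict caller is the behaviour assumed of V8/Node.js.

```javascript
// Added illustration; every name here is hypothetical.
// Bodies are built with the Function constructor so that their strictness is
// fixed by the body text, whatever mode the enclosing file runs in.

// Sloppy callee: returns whatever its own .caller property yields.
const sloppyCallee = new Function("return arguments.callee.caller;");

// Two callers that never pass themselves to the callee.
const sloppyCaller = new Function("callee", "return callee();");
const strictCaller = new Function("callee", "'use strict'; return callee();");

// Strict callee, used to show the poison pill on the function object itself.
const strictCallee = new Function("'use strict'; return 1;");

// Classify what a .caller read handed back.
function describeLeak(value) {
  if (typeof value === "function") return "function reference";
  if (value === null) return "null (censored)";
  return typeof value;
}

// Read fn.caller from outside; strict functions are expected to throw.
function readCallerOf(fn) {
  try {
    return describeLeak(fn.caller);
  } catch (err) {
    return err instanceof TypeError ? "TypeError (poison pill)" : "other error";
  }
}

function demo() {
  const leaked = sloppyCaller(sloppyCallee);
  return {
    // Sloppy caller + sloppy callee: the callee obtains a callable reference.
    sloppyFromSloppy: describeLeak(leaked),
    leakedIsCaller: leaked === sloppyCaller,
    // Strict caller: the engine withholds the reference (assumed V8 behaviour).
    sloppyFromStrict: describeLeak(strictCaller(sloppyCallee)),
    // Strict function object: reading .caller throws.
    strictCalleeRead: readCallerOf(strictCallee),
    // A stack trace is text describing frames, not a reference to them.
    stackType: typeof new Error("trace").stack,
  };
}

console.log(demo());
```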