caller poison pills, revisited (Was: A few arrow function specification issues)

Brendan Eich brendan at
Mon Apr 23 11:42:25 PDT 2012

The threat (not sure how real) is not a string telling the backtrace, 
it's an object reference to an ancestor function in the call stack.


Domenic Denicola wrote:
>> I'm becoming increasing convinced that the poison pill approach to securing the caller chain is a poor approach.  We keep finding leaks in and it does nothing to prevent implementation from inventing new ways to expose the stating they are trying to hide. I now think we would be better off with a general,non-algorithmic restriction on conforming implementation that forbid them from exposing elements of the caller chain in the situations that the poison pills were intended to address.
> This sounds a bit drastic—wouldn't it preclude V8's Error.captureStackTrace?
> _______________________________________________
> es-discuss mailing list
> es-discuss at

More information about the es-discuss mailing list