caller poison pills, revisited (Was: A few arrow function specification issues)

Mark S. Miller erights at google.com
Mon Apr 23 13:16:23 PDT 2012


On Mon, Apr 23, 2012 at 11:15 AM, Brendan Eich <brendan at mozilla.org> wrote:

> Allen Wirfs-Brock wrote:
>
>> This raises the issue that ES5.1 overlooked poisoning caller/arguments
>> for Function.prototype.  Only function object created using the algorithm
>> in 13.2 have the the poison pill properties and Function.prototype is not
>> specified using 13.2.
>>
>
> Function.prototype is special already:
>
> js> Function.prototype
> function () {}
> js> Function.prototype.prototype
> js>
>
> I think we did the right thing in not adding poisoned pills to it. Was
> there a capability leak involving Function.prototype that I missed?


As allowed by the spec, yes. Fortunately, this is securable on the latest
available dev versions of IE, FF, Chrome, Safari, and Opera. For some of
these, even the released version is already securable.

>From http://es-lab.googlecode.com/svn/trunk/src/ses/explicit.html on
Chrome 19.0.1084.30
beta

   -

   [-] 29) All fine: Built in functions leak "caller".

   See http://code.google.com/p/v8/issues/detail?id=1643

   http://code.google.com/p/v8/issues/detail?id=1548

   https://bugzilla.mozilla.org/show_bug.cgi?id=591846


   http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable

   See Test Sbp_A10_T1<http://hg.ecmascript.org/tests/test262/file/c84161250e66/test/suite/bestPractice/Sbp_A10_T1.js>

   -

   [-] 30) All fine: Built in functions leak "arguments".

   See http://code.google.com/p/v8/issues/detail?id=1643

   http://code.google.com/p/v8/issues/detail?id=1548

   https://bugzilla.mozilla.org/show_bug.cgi?id=591846


   http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable

   See Test Sbp_A10_T2<http://hg.ecmascript.org/tests/test262/file/c84161250e66/test/suite/bestPractice/Sbp_A10_T2.js>


visiting http://es-lab.googlecode.com/svn/trunk/src/ses/explicit.html in
your browser will state whether your browser is securable. The diagnostic
on #29 and #30 will state whether this issue in particular is securable.

-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120423/a904166c/attachment.html>


More information about the es-discuss mailing list