Mark S. Miller
erights at google.com
Thu Jan 5 21:03:53 PST 2012
Such a built in memoization, whether by boundTo or this enhancement to bind
itself, creates a fatal ambient communications channel.
// initSES initialization, freezing all built in primordials other than
the true global
// load Alice as a confined object graph
// load Bob as a confined object graph. Alice and Bob should not be
able to communicate
// Covert channels mean we might not be able to prevent them from
// But we must certainly prevent capability leaks
Object.boundTo(Object).foo = capabilityBobShouldntGet;
Object.bind(Object).foo = capabilityBobShouldntGet;
var HAH = Object.boundTo(Object).foo;
var HAH = Object.bind(Object).foo;
David's WeakMap approach elegantly avoid this problem, because Alice and
Bob can only communicate if they already share access to this WeakMap, in
which case they could already communicate anyway.
On Thu, Jan 5, 2012 at 5:22 PM, Brendan Eich <brendan at mozilla.com> wrote:
> On Jan 5, 2012, at 4:47 PM, Andrea Giammarchi wrote:
> > Guys, by any chance we can go back into the topic?
> You'll have to polyfill Function.prototype.bind in the current world of
> pre-ES5 browsers. Why not then go on to wrap it in a memoizing version that
> uses a WeakMap if available (emulated with strong keys/values array-based
> implementation if not)?
> If you need this machinery, it's all doable. If we should evolve a Harmony
> bind or betterBind based on your experience and others, we can do that.
> Right now the lack of memoization is not a burning issue, from what I
> hear. You've raised it, I think for the first time on es-discuss.
> es-discuss mailing list
> es-discuss at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss