Improving Function.prototype.bind

David Bruant bruant.d at gmail.com
Fri Jan 6 08:08:39 PST 2012


Le 06/01/2012 16:54, Andrea Giammarchi a écrit :
> there is no security issue ... it's meant like that plus what Mark did 
> not think about, is that if I use
>
> (function () {
>    function callback() {}
>
>    var object = {};
>
>    window.addEventListener("no way", object.boundTo(callback), false);
>
>    // later on
>
>
>    window.removeEventListener("no way", object.boundTo(callback), false);
> }());
>
>
> inside a scope other objects can not reach, nobody will ever be able 
> to retrieve the resulting bound function/object.
Of course, the case you show is not a problem. The problem arise when 2 
potentially malicious scripts have access to the same object (Mark used 
'Object' as an example).
But with modules, module loaders and the end of global scope, I wonder 
to what extent this happens. i'll answer directly to Mark message to 
discuss this.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120106/0a8c1831/attachment.html>


More information about the es-discuss mailing list