Fixing instanceof (Array.isArray() etc.)?

Axel Rauschmayer axel at rauschma.de
Sat Jan 21 22:17:45 PST 2012


> with postMessage and other standard/secure ways to pass data around the cross frame problem is slowly disappearing unless it's meant to sandbox the Array, as example, of that frame.
> 
> A classic example is indeed the freedom to extend the way we like a sandboxed Array which hopefully will never interferes with others defined elsewhere, either Array public static methods or those attached to the prototype.
> 
> If I define Array.prototype.doMyStuff in my frame I *don't* want to affect external environment anyhow plus if the top frame performs an instanceof check against my Array, and the result is true, I may expect that frame to execute my doStuff method which may points to sandboxed, private, properties I don't want other frames to access or change in untrusted code.

Makes sense. If this kind of issue went away, that would be great!

> Array.isArray is OK for Array like objects so that we know that common operation are allowed while instanceof should act exactly as it does now so no confusion cross frame will be possible.

Note: Array.isArray() in general returns false for array-like objects:

$ (function () { return Array.isArray(arguments) }())
false


-- 
Dr. Axel Rauschmayer
axel at rauschma.de

home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com



More information about the es-discuss mailing list