Problems with strict-mode caller poisoning

Dave Fugate dave.fugate at gmail.com
Wed Nov 28 15:16:57 PST 2012


Believe you're correct on the former, but perhaps not the latter=)

E.g.:
     6 /**
     7    * @path ch15/15.3/15.3.5/15.3.5.4/15.3.5.4_2-1gs.js
     8    * @description Strict mode - checking access to strict function
caller from strict function (FunctionDeclaration defined within strict mode)
     9   * @onlyStrict
    10  * @negative TypeError
    11  */
    12
    13
    14 "use strict";
    15 function f() {
    16     return gNonStrict();
    17 }
    18 f();
    19
    20
    21 function gNonStrict() {
    22     return gNonStrict.caller;
    23 }

is globally scoped strict mode and passes only when a TypeError gets thrown
indicating strict mode is in effect.

Dave

---------------------------------------------------------------------
+1. I just implemented this in V8, and we will see how it goes in the wild.

Interestingly, none of the 97 tests in test262 that are specifically

concerned with 15.3.5.4 fail after this change 8-}. It seems that they
are broken in at least two ways: allowing a falsey value for .caller,
and assuming that a global function would be non-strict even if the
global scope is already strict.


/Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20121128/245b0cf0/attachment-0001.html>


More information about the es-discuss mailing list