new function syntax and poison pill methods

Mark S. Miller erights at
Fri Oct 26 14:57:19 PDT 2012

#3 as is does not require implementations to not provide magic insecurable
"caller" and "arguments" properties, just as ES5 by itself does not require
implementations to not provide such properties on built-ins. Indeed, before
many side conversations, there were conforming implementations that had
non-configurable (and hence non-deletable) magic "caller" and "arguments"
properties on built-ins. SES could not these platforms at reasonable cost.
Fortunately, we were able to convince all such platforms to change even
without the power of a normative spec behind us.

#3-prime would require that these not be provided, so that it would
correspond correctly to your description: 'there is no "caller" nor
"arguments" property at all'.

On Fri, Oct 26, 2012 at 2:48 PM, David Bruant <bruant.d at> wrote:

>  Le 26/10/2012 21:29, Mark S. Miller a écrit :
> (...)
> #3 as is is unacceptable, because the spec would be inadequate to reason
> about the security of a SES-for-ES6.
> I don't understand why it's the case. Both for built-ins and new syntax,
> if there is no "caller" nor "arguments" property at all, I don't see how it
> makes harder to reason about the spec.
> Is it the inconsistency of some functions having poison pills and others
> having nothing?
> David
>  On Fri, Oct 26, 2012 at 10:37 AM, Allen Wirfs-Brock <
> allen at> wrote:
>> (...)
>> 3)  They never get poison pills because new implementor would be silly
>> enough to associate they legacy features with new syntax.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list