new function syntax and poison pill methods
Mark S. Miller
erights at google.com
Fri Oct 26 14:57:19 PDT 2012
#3 as is does not require implementations to not provide magic insecurable
"caller" and "arguments" properties, just as ES5 by itself does not require
implementations to not provide such properties on built-ins. Indeed, before
many side conversations, there were conforming implementations that had
non-configurable (and hence non-deletable) magic "caller" and "arguments"
properties on built-ins. SES could not these platforms at reasonable cost.
Fortunately, we were able to convince all such platforms to change even
without the power of a normative spec behind us.
#3-prime would require that these not be provided, so that it would
correspond correctly to your description: 'there is no "caller" nor
"arguments" property at all'.
On Fri, Oct 26, 2012 at 2:48 PM, David Bruant <bruant.d at gmail.com> wrote:
> Le 26/10/2012 21:29, Mark S. Miller a écrit :
> #3 as is is unacceptable, because the spec would be inadequate to reason
> about the security of a SES-for-ES6.
> I don't understand why it's the case. Both for built-ins and new syntax,
> if there is no "caller" nor "arguments" property at all, I don't see how it
> makes harder to reason about the spec.
> Is it the inconsistency of some functions having poison pills and others
> having nothing?
> On Fri, Oct 26, 2012 at 10:37 AM, Allen Wirfs-Brock <
> allen at wirfs-brock.com> wrote:
>> 3) They never get poison pills because new implementor would be silly
>> enough to associate they legacy features with new syntax.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss