new function syntax and poison pill methods

Mark S. Miller erights at google.com
Fri Oct 26 14:57:19 PDT 2012


#3 as is does not require implementations to not provide magic insecurable
"caller" and "arguments" properties, just as ES5 by itself does not require
implementations to not provide such properties on built-ins. Indeed, before
many side conversations, there were conforming implementations that had
non-configurable (and hence non-deletable) magic "caller" and "arguments"
properties on built-ins. SES could not these platforms at reasonable cost.
Fortunately, we were able to convince all such platforms to change even
without the power of a normative spec behind us.

#3-prime would require that these not be provided, so that it would
correspond correctly to your description: 'there is no "caller" nor
"arguments" property at all'.


On Fri, Oct 26, 2012 at 2:48 PM, David Bruant <bruant.d at gmail.com> wrote:

>  On 26/10/2012 21:29, Mark S. Miller wrote:
>
> (...)
>
>
> #3 as is is unacceptable, because the spec would be inadequate to reason
> about the security of a SES-for-ES6.
>
> I don't understand why it's the case. Both for built-ins and new syntax,
> if there is no "caller" nor "arguments" property at all, I don't see how it
> makes it harder to reason about the spec.
> Is it the inconsistency of some functions having poison pills and others
> having nothing?
>
> David
>
>  On Fri, Oct 26, 2012 at 10:37 AM, Allen Wirfs-Brock <
> allen at wirfs-brock.com> wrote:
>
>> (...)
>>
>>
>> 3)  They never get poison pills because new implementor would be silly
>> enough to associate they legacy features with new syntax.
>>
>
>


-- 
    Cheers,
    --MarkM
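
The distinction drawn in this message (no property at all, a poison pill, or a magic property that cannot be deleted) can be checked from script. The following is an added example, not code from the thread or from SES; the function names are hypothetical and the sample functions are constructed stand-ins for the shapes being discussed.

```javascript
const LEGACY_PROPS = ["caller", "arguments"];

// "absent": no own property (the state #3-prime would require)
// "poison": accessor whose getter throws TypeError when probed (heuristic)
// "magic":  any other own property, which may expose call-stack state
function classifyLegacyProp(fn, name) {
  const desc = Object.getOwnPropertyDescriptor(fn, name);
  if (desc === undefined) return "absent";
  if (typeof desc.get === "function") {
    try {
      desc.get.call(fn);
    } catch (err) {
      if (err instanceof TypeError) return "poison";
    }
  }
  return "magic";
}

// Attempt the cleanup a securing library would do, then re-check.
// Reflect.deleteProperty returns false instead of throwing when the
// property is non-configurable, in both strict and sloppy code.
function auditAndRepair(fn) {
  const report = {};
  for (const name of LEGACY_PROPS) {
    const before = classifyLegacyProp(fn, name);
    if (before === "magic") Reflect.deleteProperty(fn, name);
    const after = classifyLegacyProp(fn, name);
    report[name] = { before, after, acceptable: after !== "magic" };
  }
  return report;
}

// Constructed stand-ins for the shapes discussed in the thread.
function buildSamples() {
  const make = (descriptor) => {
    const fn = () => {}; // arrow functions start with neither property
    if (descriptor) LEGACY_PROPS.forEach((n) => Object.defineProperty(fn, n, descriptor));
    return fn;
  };
  const thrower = () => { throw new TypeError("poison pill"); };
  return {
    clean: make(null),
    poisoned: make({ get: thrower, set: thrower, configurable: false }),
    magicDeletable: make({ value: null, configurable: true }),
    magicStuck: make({ value: null, configurable: false }),
  };
}

for (const [label, fn] of Object.entries(buildSamples())) {
  console.log(label, JSON.stringify(auditAndRepair(fn)));
}
```

Only the `magicStuck` shape ends up unacceptable: the property is neither a poison pill nor removable, which is the case the message describes for non-configurable properties on built-ins.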