new function syntax and poison pill methods

David Bruant bruant.d at gmail.com
Fri Oct 26 15:45:44 PDT 2012


Le 27/10/2012 00:23, Kevin Reid a écrit :
> How about: there must be no /nonstandard non-configurable
> properties/ of standard objects.
>
> This directly implies "SES can do its job of deleting everything not
> whitelisted", and does not rely on the spec blacklisting undesirable
> behaviors.
Interesting. I think there are two slightly different problems to solve:
1) Make applications written in the language securable
2) Make applications written in the language not insecure

ES5 strict mode, by poison-pilling .caller and .arguments and by fixing
dynamic scoping features took in the direction of making the language
not insecure by default.
The addition of Object.freeze and a couple of other things went in the
direction of making the applications securable.

I feel I was going for making the language not insecure with my section
2 refinement, but I guess which is better really depends on the danger
provided by the non-standard capability.
I guess there is a case for both. Maybe the refinment I proposed could
fall into 2 subsections: one for "don't ever add this kind of capability
to the language or you're putting users at risk" and another for "if you
add this kind of capability, make sure it's securable" (non-configurable
I assume for most cases).
In a way, the recent agreement on __proto__ is of the latter category :-)

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20121027/46deb5a7/attachment.html>


More information about the es-discuss mailing list