new function syntax and poison pill methods
Mark S. Miller
erights at google.com
Fri Oct 26 15:59:16 PDT 2012
On Fri, Oct 26, 2012 at 3:45 PM, David Bruant <bruant.d at gmail.com> wrote:
> On 27/10/2012 00:23, Kevin Reid wrote:
> How about: there must be no *nonstandard non-configurable properties* of
> standard objects.
> Good. This agrees with <
> This directly implies “SES can do its job of deleting everything not
> whitelisted”, and does not rely on the spec blacklisting undesirable
> Interesting. I think there are two slightly different problems to solve:
> 1) Make applications written in the language securable
> 2) Make applications written in the language not insecure
> ES5 strict mode, by poison-pilling .caller and .arguments and by fixing
> dynamic scoping features took it in the direction of making the language not
> insecure by default.
Did you mean "not insecurable by default"? ES5 strict by itself is
certainly far from secure (or "not insecure"). But because of poison pills
and such, ES5 is securable.
> The addition of Object.freeze and a couple of other things went in the
> direction of making the applications securable.
> I feel I was going for making the language not insecure with my section 2
> refinement, but I guess which is better really depends on the danger
> provided by the non-standard capability.
> I guess there is a case for both. Maybe the refinement I proposed could
> fall into 2 subsections: one for "don't ever add this kind of capability to
> the language or you're putting users at risk" and another for "if you add
> this kind of capability, make sure it's securable" (non-configurable I
> assume for most cases).
Did you mean "configurable"?
> In a way, the recent agreement on __proto__ is of the latter category :-)
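
The rule discussed in this message (no nonstandard non-configurable properties of standard objects, so that a whitelist sweep can delete everything else) and the strict-mode poison pill on `.caller`, as an added JavaScript example that is not part of the original thread and not SES code. The names `sweep`, `makeHostObject`, `vendorConfigurable` and `vendorLocked` are hypothetical, and the host object is a constructed stand-in for a standard object carrying vendor extensions.

```javascript
// Added illustration; not SES source. All names here are hypothetical.

// Delete every own property of `obj` that is not on `whitelist`.
// Returns the names removed and the names that could not be removed.
function sweep(obj, whitelist) {
  const removed = [];
  const stuck = [];
  for (const key of Reflect.ownKeys(obj)) {
    if (whitelist.has(key)) continue;
    // Reflect.deleteProperty returns false (instead of throwing)
    // when the property is non-configurable.
    if (Reflect.deleteProperty(obj, key)) removed.push(key);
    else stuck.push(key);
  }
  return { removed, stuck };
}

// Constructed stand-in for a standard object on a host with extensions.
function makeHostObject() {
  const o = { standardMethod() { return 1; } };
  Object.defineProperty(o, 'vendorConfigurable', {
    value: () => 'nonstandard capability', configurable: true });
  Object.defineProperty(o, 'vendorLocked', {
    value: () => 'nonstandard capability', configurable: false });
  return o;
}

// Poison pill: reading .caller on a strict function throws a TypeError.
function strictCallerIsPoisoned() {
  const f = function () { 'use strict'; };
  try { void f.caller; return false; }
  catch (e) { return e instanceof TypeError; }
}

function demo() {
  const host = makeHostObject();
  const result = sweep(host, new Set(['standardMethod']));
  return {
    removed: result.removed,          // sweep succeeded: property was securable
    stuck: result.stuck,              // sweep failed: the rule was violated
    remaining: Reflect.ownKeys(host),
    poisoned: strictCallerIsPoisoned(),
  };
}

console.log(demo());
```

A non-empty `stuck` list is the condition the rule is meant to exclude: the sweep cannot remove that capability, so the environment cannot be reduced to its whitelist.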