new function syntax and poison pill methods

David Bruant bruant.d at gmail.com
Sun Oct 28 01:59:50 PDT 2012


Le 27/10/2012 00:59, Mark S. Miller a écrit :
> On Fri, Oct 26, 2012 at 3:45 PM, David Bruant <bruant.d at gmail.com
> <mailto:bruant.d at gmail.com>> wrote:
>
>     Le 27/10/2012 00:23, Kevin Reid a écrit :
>>     How about: there must be no /nonstandard non-configurable
>>     properties/ of standard objects.
>
> Good. This agrees with
> <http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable>. 
>
>>
>>     This directly implies “SES can do its job of deleting everything
>>     not whitelisted”, and does not rely on the spec blacklisting
>>     undesirable behaviors.
>     Interesting. I think there are two slightly different problems to
>     solve:
>     1) Make applications written in the language securable
>     2) Make applications written in the language not insecure
>
>     ES5 strict mode, by poison-pilling .caller and .arguments and by
>     fixing dynamic scoping features took in the direction of making
>     the language not insecure by default.
>
>
> Did you mean "not insecurable by default". ES5 strict by itself is
> certainly far from secure (or "not insecure"). But because of poison
> pills and such, ES5 is securable.
I meant "not insecure by default" when I wrote it, but I agree "not
insecurable by default" is more correct.

>  
>
>     The addition of Object.freeze and a couple of other things went in
>     the direction of making the applications securable.
>
>     I feel I was going for making the language not insecure with my
>     section 2 refinement, but I guess which is better really depends
>     on the danger provided by the non-standard capability.
>     I guess there is a case for both. Maybe the refinment I proposed
>     could fall into 2 subsections: one for "don't ever add this kind
>     of capability to the language or you're putting users at risk" and
>     another for "if you add this kind of capability, make sure it's
>     securable" (non-configurable I assume for most cases).
>
>
> Did you mean "configurable"?
Yes, of course, sorry about this very misleading typo.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20121028/dd2a4418/attachment.html>


More information about the es-discuss mailing list