a future caller alternative ?

Brandon Benvie bbenvie at mozilla.com
Fri Mar 8 14:51:17 PST 2013


As an example of the security vulnerabilities possibly exposed by being 
able to get the caller, look to V8's somewhat recently fixed 
toString/valueOf caller that exposed the internal operator functions 
like MUL, DIV, etc. Unpatchable (by something like Caja) communication 
channels, capability leaks abound. 
http://bbenvie.com/articles/2012-08-29/Interview-With-the-All-Stars-From-V8-s-runtime-js-
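
The following is an added example, not part of the original post and not V8's code. It shows the general mechanism behind the concern (a sloppy-mode callee reaching its caller through `caller`) and how strict mode closes it, rather than the specific V8 internal-function bug. All names (`probe`, `sloppyHost`, `strictHost`, `strictProbe`, `runDemo`) and the token are constructed, and Node.js (V8) behaviour is assumed.

```javascript
// Added example with constructed names; assumes Node.js (V8).
// Function() bodies are sloppy mode unless they opt in, so the result is the
// same whether this file is loaded as a script or as a module.

// Untrusted callback: asks the engine who called it and what that caller was given.
const probe = new Function(`
  var host = arguments.callee.caller;   // null when the caller is strict
  return host && { host: host, firstArg: host.arguments[0] };
`);

// Sloppy-mode host: receives a token that it never passes to the callback.
const sloppyHost = new Function('token', 'cb', 'return cb();');

// The same host written in strict mode.
function strictHost(token, cb) {
  'use strict';
  return cb();
}

// Strict-mode callee: the engine refuses to reveal its caller at all.
function strictProbe() {
  'use strict';
  try {
    return strictProbe.caller;
  } catch (e) {
    return e.name;
  }
}

function runDemo() {
  const token = { secret: 'constructed-token' };
  const leaked = sloppyHost(token, probe);
  return {
    // The callback obtained a reference to the function that called it...
    sloppyLeaksHost: leaked !== null && leaked.host === sloppyHost,
    // ...and through it an argument it was never handed.
    sloppyLeaksToken: leaked !== null && leaked.firstArg === token,
    // A strict caller is censored to null.
    strictHostHidden: strictHost(token, probe) === null,
    // A strict callee cannot read .caller; the access throws.
    strictCalleeBlocked: sloppyHost(token, strictProbe) === 'TypeError',
  };
}

console.log(runDemo());
```

Every field of the returned object is `true`: the leak only exists when both sides are sloppy-mode code, which is why sandboxes in the style of Caja depend on strict-mode semantics.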

