a future caller alternative ?
bbenvie at mozilla.com
Fri Mar 8 14:51:17 PST 2013
As an example of the security vulnerabilities possibly exposed by being
able able to get the caller, look to V8's somewhat recently fixed
toString/valueOf caller that exposed the internal operator functions
like MUL, DIV, etc. Unpatchable (by something like Caja) communication
channels, capability leaks abound.
More information about the es-discuss