a future caller alternative ?

Brandon Benvie bbenvie at mozilla.com
Fri Mar 8 14:51:17 PST 2013

As an example of the security vulnerabilities possibly exposed by being 
able able to get the caller, look to V8's somewhat recently fixed 
toString/valueOf caller that exposed the internal operator functions 
like MUL, DIV, etc. Unpatchable (by something like Caja) communication 
channels, capability leaks abound. 

More information about the es-discuss mailing list