a future caller alternative ?
andrea.giammarchi at gmail.com
Fri Mar 8 15:07:11 PST 2013
OK but if it's about being able to break an environment caller would be at
the end of a list of problems :-/
On Fri, Mar 8, 2013 at 2:51 PM, Brandon Benvie <bbenvie at mozilla.com> wrote:
> As an example of the security vulnerabilities possibly exposed by being
> able able to get the caller, look to V8's somewhat recently fixed
> toString/valueOf caller that exposed the internal operator functions like
> MUL, DIV, etc. Unpatchable (by something like Caja) communication channels,
> capability leaks abound. http://bbenvie.com/articles/**
> es-discuss mailing list
> es-discuss at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss