Mutable Proto

Kevin Reid kpreid at google.com
Thu Mar 21 14:16:51 PDT 2013


On Thu, Mar 21, 2013 at 2:04 PM, Brandon Benvie <bbenvie at mozilla.com> wrote:

> If I understand correctly, this wrapper code is used for all code executed
> in SES (but I may be wrong): http://code.google.com/p/**
> google-caja/source/browse/**trunk/src/com/google/caja/ses/**
> startSES.js#643<http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/startSES.js#643>
>

Yes. SES requires 'with' as a means to hook into 'global' variable reads
and writes; without it, it is impossible to emulate the semantics of
browser global environments, such as in:

<script>
  var x = 1;
</script>
<script>
  x = 2;
</script>

However, the SES _security_ approach does not actually require 'with': if
we did not need to intercept writes to 'global' variables, we could simply
ensure that every free variable in the source is bound in the wrapper code,
or in the future use loaders as MarkM just noted. We don't currently
implement this potential optimization.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130321/dc128be5/attachment.html>


More information about the es-discuss mailing list