Subclassing ES6 objects with ES5 syntax.

C. Scott Ananian ecmascript at cscott.net
Wed Apr 29 17:26:43 UTC 2015


On Wed, Apr 29, 2015 at 1:00 PM, Mark S. Miller <erights at google.com> wrote:

> The invariant I am interested in:
>
> In a realm where we (the trusted defender who runs first) make Promise
> defensive as follows
>
> * Freeze everything primordial, as SES does
>
> * Make a DefensivePromise subclass of Promise that differs minimally,
> hopefully only by ensuring that its instances are frozen.
>
> * "Promise = DefensivePromise;" do "Promise" below refers to
> DefensivePromise
>
> * Freezing whitelisted global properties, as SES currently does for ES5
> globals, but for ES6 including "Promise"
>
>
> then it must be the case that
>
>     Promise.resolve(anything).then(anycallback)
>
> for an anything provided by a potential attacker, when executed in the
> middle of a turn does not call callback during that turn. If it calls
> anycallback at all, it calls it back *as* a later turn, i.e., in a later
> turn starting from an empty stack.
>

How about:
```
var goodPromises = new WeakSet();
class DefensivePromise {
  constructor(x) {
    super(x);
    Object.freeze(x);
    // check this.constructor here if you are paranoid.
    goodPromises.add(this);
  }
  resolve(x) {
    if (goodPromises.has(x)) {
      return super.resolve(x);
    }
    return new DefensivePromise(function(r){r(x);});
  }
}
```
Doesn't seem like this needs special support in the Promise spec.

Note that the `goodPromises` set won't be fooled by passing in
`DefensivePromise` as `new.target` to `Promise` without actually running
the `DefensivePromise` constructor.
  --scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150429/9d8daa21/attachment.html>


More information about the es-discuss mailing list