Fwd: Re: insteadof operator
a.d.bergi at web.de
Fri Jun 26 00:59:25 UTC 2015
> Would there be any security issues? Also, runtime or lexical scope?
> I've actually wanted this feature for a while now, but always assumed it
> had no chance of happening due to security issues. Of course, I know
> nothing about security so I could be wrong.
Actually, now that you mention it, yes there might be.
IIRC, some sandboxing techniques rely on executing unknown scripts in their
own scope where globals (and other stuff that could be used to escape)
are shadowed by local variables that contain the "secured" counterparts.
By introducing an operator to undo shadowing, you could break out of that.
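
The shadowing technique described in this message, sketched as an added example that is not part of the original post: untrusted source runs inside a function whose parameters shadow selected globals with "secured" counterparts. The names `runShadowed`, `SECURED`, `unshadowedGlobals` and the sample scripts are hypothetical, and the audit helper goes slightly beyond the message by listing which global names the shadow list does not cover.

```javascript
// Added illustration of shadowing-based confinement (hypothetical names throughout).

// "Secured" counterparts the untrusted script sees instead of the real globals.
const SECURED = {
  console: Object.freeze({ log: () => undefined }),  // silenced logger
  process: undefined,                                // hidden entirely
  require: undefined,
  globalThis: undefined,
  global: undefined,
  fetch: Object.freeze(() => { throw new Error('network access denied'); }),
};

// Run `source` with every key of `secured` bound as a local (parameter) name.
// Name lookup inside the body finds the parameter first, so the real global of
// the same name is unreachable by identifier. That lexical rule is the whole
// guarantee, which is why an operator that skips the nearest binding defeats it.
function runShadowed(source, secured = SECURED) {
  const names = Object.keys(secured);
  const fn = new Function(...names, '"use strict";\n' + source);
  // Strict mode plus an undefined receiver: `this` is not the global object.
  return fn.apply(undefined, names.map((n) => secured[n]));
}

// Audit helper: global names that the shadow list does NOT cover and that the
// confined script can therefore still resolve to the real objects.
function unshadowedGlobals(secured = SECURED) {
  const covered = new Set(Object.keys(secured));
  return Object.getOwnPropertyNames(globalThis).filter((n) => !covered.has(n));
}

// Constructed sample scripts standing in for "unknown scripts".
const probeProcess = 'return typeof process;';
const probeFetch =
  'try { fetch("x"); return "reached"; } catch (e) { return e.message; }';

console.log(runShadowed(probeProcess));  // shadowed name resolves to the stand-in
console.log(runShadowed(probeFetch));    // secured counterpart refuses the call
console.log(unshadowedGlobals().length, 'global names are not shadowed');
```

Reviewing the output of `unshadowedGlobals()` is the practical check here: confinement by shadowing extends only to the names in the list.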