Fwd: Re: insteadof operator

Bergi a.d.bergi at web.de
Fri Jun 26 00:59:25 UTC 2015


joe wrote:

> Would there be any security issues? Also, runtime or lexical scope?
>
> I've actually wanted this feature for a while now, but always assumed it
> had no chance of happening due to security issues. Of course, I know
> nothing about security so I could be wrong.

Actually, now that you mention it, yes there might be.
IIRC, some sandboxing techniques rely on executing unknown scripts in their
own scope where globals (and other stuff that could be used to escape)
are shadowed by local variables that contain the "secured" counterparts.
By introducing an operator to undo shadowing, you could break out of that.

  Bergi
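
The shadowing technique described in the message above, as an added example that is not part of the original post: the untrusted source is compiled as a function body whose parameters carry the same names as the globals being withheld, so isolation rests entirely on identifier lookup stopping at the nearest binding. The helper names and the set of shadowed globals are assumptions chosen for illustration.

```javascript
// Build the "secured" counterparts that untrusted code receives in place of
// the real globals (constructed for illustration; not a complete policy).
function makeSecuredGlobals(log) {
  return {
    console: Object.freeze({ log: (...args) => { log.push(args.join(' ')); } }),
    fetch: () => { throw new Error('network access denied'); },
    process: undefined,
    globalThis: undefined,
  };
}

// Compile `source` as a function body whose parameters shadow the named
// globals. Inside the body each of those identifiers resolves to the
// parameter, never to the real global. Strict mode plus an undefined
// receiver keeps `this` from being the global object.
function runShadowed(source, secured) {
  const names = Object.keys(secured);
  const fn = new Function(...names, '"use strict";\n' + source);
  return fn.apply(undefined, names.map((name) => secured[name]));
}

// Audit helper for the sandbox author: every property of the real global
// object that the shadow list does not cover still resolves to the real
// value. Shadowing is a deny-list, so this list has to be reviewed.
function unshadowedGlobals(secured) {
  const shadowed = new Set(Object.keys(secured));
  return Object.getOwnPropertyNames(globalThis)
    .filter((name) => !shadowed.has(name))
    .sort();
}

// Constructed sample input: a script that only touches shadowed names.
const demoLog = [];
const demoResult = runShadowed(
  'console.log("hello from the sandbox");\n' +
  'return [typeof process, typeof globalThis];',
  makeSecuredGlobals(demoLog)
);
console.log(demoResult);   // the script sees the shadows, not the real objects
console.log(demoLog);      // output went to the secured console, not stdout
console.log(unshadowedGlobals(makeSecuredGlobals([])).length,
  'global names are still unshadowed');
```

An operator that resolves a name past its nearest binding would hand the script the real object for every entry in the shadow list, which is the concern raised in the message.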

