Save Object.observe()! (please) + make WeakMap/WeakSet observable.
Matthew Robb
matthewwrobb at gmail.com
Wed Nov 4 22:04:34 UTC 2015
On Wed, Nov 4, 2015 at 4:46 PM, Tom Van Cutsem <tomvc.be at gmail.com> wrote:
> 1) If a module A hands out a reference to, say, a function f to modules B
> and C, then C could use this primitive to replace f with its own proxied
> version. Module B expects f to work as A intended, but module C can
> completely override its behavior, stealing any arguments to the function
> that B would pass. This is really bad behavior from a security and
> modularity perspective.
It seems like a straight forward solution for this might be adding
something like `Proxy.preventTrapping(...)` and have this applied to all
module exports/imports by default. Since modules work off bindings and not
object properties.
- Matthew Robb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20151104/19c0a3d3/attachment.html>
More information about the es-discuss
mailing list