How to modify the scope chain without `with` ?
/#!/JoePea
joe at trusktr.io
Tue Feb 16 17:10:04 UTC 2016
But then, you might as well start using modules and properly scoping
variables, as that will lend to much more readable code.
(Sent again, wrong "from")
/#!/JoePea
On Feb 16, 2016 7:57 AM, "Coroutines" <coroutines at gmail.com> wrote:
> On Tue, Feb 16, 2016 at 7:45 AM, Michał Wadas <michalwadas at gmail.com>
> wrote:
> >
> > 2016-02-16 15:51 GMT+01:00 Coroutines <coroutines at gmail.com>:
> >>
> >> Having the ability to derive from "global" (only in Node) and
> >> prepare an Object to run an function within as its global context
> >> would be an invaluable ability. (imo)
> >
> >
> >
> > It seems like an obvious idea, but in fact it's almost impossible to
> secure
> > - consider `true.constructor.constructor("alert('XSS')")()`
> > ECMAScript lacks secure sandbox that would work in every browser, but
> such
> > limited scope manipulation is totally useless as "secure sandbox".
> >
> > BTW, such limited scope manipulation is already possible, see how my
> library
> > works there -
> >
> https://github.com/Ginden/reflect-helpers/blob/master/tests/closures.js#L14
> > (it heavily uses `eval`).
> >
> > Sending again because of wrong "to".
> >
>
> Okay - different argument: if you can provide actual environment
> inheritance you can avoid collisions assigning to the "global scope".
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20160216/31952abd/attachment.html>
More information about the es-discuss
mailing list