How to modify the scope chain without `with` ?
joe at trusktr.io
Tue Feb 16 17:10:04 UTC 2016
But then, you might as well start using modules and properly scoping
variables, as that will lend to much more readable code.
(Sent again, wrong "from")
On Feb 16, 2016 7:57 AM, "Coroutines" <coroutines at gmail.com> wrote:
> On Tue, Feb 16, 2016 at 7:45 AM, Michał Wadas <michalwadas at gmail.com>
> > 2016-02-16 15:51 GMT+01:00 Coroutines <coroutines at gmail.com>:
> >> Having the ability to derive from "global" (only in Node) and
> >> prepare an Object to run an function within as its global context
> >> would be an invaluable ability. (imo)
> > It seems like an obvious idea, but in fact it's almost impossible to
> > - consider `true.constructor.constructor("alert('XSS')")()`
> > ECMAScript lacks secure sandbox that would work in every browser, but
> > limited scope manipulation is totally useless as "secure sandbox".
> > BTW, such limited scope manipulation is already possible, see how my
> > works there -
> > (it heavily uses `eval`).
> > Sending again because of wrong "to".
> Okay - different argument: if you can provide actual environment
> inheritance you can avoid collisions assigning to the "global scope".
> es-discuss mailing list
> es-discuss at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss