Error stack strawman
Steve Fink
sphink at gmail.com
Wed Feb 24 23:59:05 UTC 2016
On 02/24/2016 01:30 PM, Mark S. Miller wrote:
> [2] This solves only one of the cross-realm issue with stacks. It does
> nothing to address worries about cross-realm stacks.
>
We do have code in FF that handles cross-realm stacks, or at least a
close moral equivalent to them. The stacks are stored internally as
objects, and each frame records where it comes from, so a user will only
see frames that it has privileges for. Obviously, once you convert to a
string, you're past the point of control.
(Or at least, that's my understanding of what is going on. I'm not sure
if that stuff is used for Error.stack yet.)
More information about the es-discuss
mailing list