On 08/12/2013 03:41 PM, Jim Blandy wrote:
We might be able to do it with a Debugger source-rewriting hook, like
the one Marc Feeley implemented. (That's all but ready to land; I need
to take care of that before it bit-rots.)
What I can't see how to do this way, though, is retaining taint on
property names. If I say:
    let n = <some string>;
    let nt = <same string as n, but tainted>;
    let o = {}; o[n] = 42;
    let ot = {}; ot[nt] = 42;
    let m = Object.getOwnPropertyNames(o)[0];
    let mt = Object.getOwnPropertyNames(ot)[0];
    let x = o[nt];
    let xt = ot[n];
then m === mt should be true, and x and xt should both be 42, but mt
should be tainted and m not.
It seems like we'd need to re-implement objects to make this work. Which
can be done, but...
Is there a better way?
_______________________________________________
dev-tech-js-engine-internals mailing list
dev-tech-js-engine-internals@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals
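
The property-name scenario from the message above, as an added example that is not part of the original e-mail or of any SpiderMonkey code: it shows a plain object dropping the taint of a key, and a side-table object that keeps it. Tainted, TaintTrackingObject, raw, isTainted and demo are hypothetical names, and because a tainted string is modelled here as a wrapper object, name equality is compared on the underlying string rather than with ===.

```javascript
// Added example; every name below is hypothetical, sample values are constructed.

// A tainted string modelled as a wrapper around a primitive string.
class Tainted {
  constructor(s) { this.value = String(s); }
  toString() { return this.value; } // property-key coercion goes through this
}
const isTainted = (v) => v instanceof Tainted;
const raw = (k) => (isTainted(k) ? k.value : String(k));

// A "re-implemented" object: values in a plain store, key taint in a side set.
class TaintTrackingObject {
  constructor() { this.store = Object.create(null); this.taintedKeys = new Set(); }
  set(key, value) {
    const k = raw(key);
    // Assumption: the write that creates a property fixes the taint of its name.
    if (!(k in this.store) && isTainted(key)) this.taintedKeys.add(k);
    this.store[k] = value;
  }
  get(key) { return this.store[raw(key)]; } // lookup ignores taint
  ownPropertyNames() {
    return Object.getOwnPropertyNames(this.store)
      .map((k) => (this.taintedKeys.has(k) ? new Tainted(k) : k));
  }
}

function demo() {
  const n = "name", nt = new Tainted("name");

  // Plain object: the key is coerced to a primitive string, so taint is lost.
  const plain = {}; plain[nt] = 42;
  const lost = Object.getOwnPropertyNames(plain)[0];

  // The e-mail's scenario on the side-table objects.
  const o = new TaintTrackingObject(); o.set(n, 42);
  const ot = new TaintTrackingObject(); ot.set(nt, 42);
  const m = o.ownPropertyNames()[0], mt = ot.ownPropertyNames()[0];
  return {
    plainKeepsTaint: isTainted(lost),
    namesEqual: raw(m) === raw(mt), // stands in for m === mt
    x: o.get(nt), xt: ot.get(n),
    mTainted: isTainted(m), mtTainted: isTainted(mt),
  };
}

console.log(demo());
```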