I was doing that manually with Elsewhere but you have to know your code. I don't see a reasonable way to trust external one unless a mechanism to flag that unserialize as "not trusted" and keep that in mind per each function execution (something like dealing with images in canvas then try to access/modify them which results in security exception if image is not trusted) ...

Elsewhere, 2009, if anyone is interested: http://webreflection.blogspot.com/2009/07/elsewhere-sandboxes-have-never-been.html

On Mon, Nov 5, 2012 at 1:28 PM, David Bruant <bruan...@gmail.com> wrote:

> On 05/11/2012 22:11, Andrea Giammarchi wrote:
>
>> I see security problems all over ... you own your function, you can make
>> it "pure" or serializable ... you don't know your function, I believe
>> there's no way you want that unknown function to be executed in your own
>> sandbox opening doors for any sort of attack, i.e. ... this is pure, no
>> outer scope access at all:
>>
>> function pure() { (function(){return this}).call(null).Function.prototype.serialize = function() { /* boom */ } }
>
> Interesting.
> Assuming the own/don't own divide, there is a way to annotate
> (symbol/(Weak)Set) functions that are known pure and export only these.
>
> David
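
An added example, not code from the thread or from any ES proposal: it combines the WeakSet annotation of known-pure functions with the canvas-style "not trusted" flag on unserialized functions, checked at each execution. All function names (markPure, serialize, unserialize, invoke) and the sample source string are hypothetical and constructed for illustration.

```javascript
// Added example: all names here are hypothetical, not a proposed ES API.
const knownPure = new WeakSet(); // vetted by their owner (the annotation idea)
const tainted = new WeakSet();   // rebuilt from external text (canvas-style flag)

function markPure(fn) {
  if (typeof fn !== "function") throw new TypeError("expected a function");
  knownPure.add(fn);
  return fn;
}

// Export only functions that were explicitly annotated by their owner.
function serialize(fn) {
  if (!knownPure.has(fn)) throw new Error("refusing to serialize: not annotated as pure");
  return Function.prototype.toString.call(fn);
}

// A function rebuilt from text is always tainted, whatever the sender claims.
function unserialize(source) {
  const fn = new Function("return (" + source + ")")();
  if (typeof fn !== "function") throw new TypeError("source is not a function");
  tainted.add(fn);
  return fn;
}

// Gate each execution, as canvas gates reads of untrusted image data.
function invoke(fn, ...args) {
  if (tainted.has(fn)) throw new Error("SecurityError: function is not trusted");
  return fn(...args);
}

// Constructed sample: no free variables, as in the quoted message, yet it
// still obtains the global object when it runs as sloppy-mode code.
const closedSource = "function () { return (function () { return this; }).call(null); }";

function demo() {
  const add = markPure(function (a, b) { return a + b; });
  const roundTripped = unserialize(serialize(add));
  const foreign = unserialize(closedSource);
  let blocked = false;
  try { invoke(foreign); } catch (e) { blocked = /not trusted/.test(e.message); }
  return {
    ownResult: invoke(add, 2, 3), // vetted and never tainted
    roundTrippedTainted: tainted.has(roundTripped),
    foreignBlocked: blocked,
    // Direct call that bypasses the gate, only to show what the gate prevents.
    foreignReachesGlobal: foreign() === globalThis,
  };
}
```

`new Function` evaluates whatever expression the text contains, so the flag only governs later calls made through `invoke`; it does not make the rebuild step itself safe for arbitrary input.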