I was doing that manually with Elsewhere, but you have to know your code. I
don't see a reasonable way to trust an external one unless there is a
mechanism to flag that unserialize as "not trusted" and keep that in mind for
each function execution (something like dealing with images in canvas, then
trying to access/modify them, which results in a security exception if the
image is not trusted) ... Elsewhere, 2009, if anyone is interested:
http://webreflection.blogspot.com/2009/07/elsewhere-sandboxes-have-never-been.html


On Mon, Nov 5, 2012 at 1:28 PM, David Bruant <bruan...@gmail.com> wrote:

> On 05/11/2012 22:11, Andrea Giammarchi wrote:
>
>> I see security problems all over ... you own your function, you can make
>> it "pure" or serializable ... you don't know your function, I believe
>> there's no way you want that unknown function to be executed in your own
>> sandbox opening doors for any sort of attack, i.e. ... this is pure, no
>> outer scope access at all: function pure() { (function(){return
>> this}).call(null).Function.prototype.serialize = function() { /* boom
>> */ } }
>>
> Interesting.
> Assuming the own/don't own divide, there is a way to annotate
> (symbol/(Weak)Set) functions that are known pure and export only these.
>
> David
>
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
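
The WeakSet annotation suggested in the quoted reply, sketched as an added example that is not code from the thread: the owner marks vetted functions by identity and the serializer refuses everything else. The names `markPure`, `serialize` and `trySerialize` are hypothetical.

```javascript
'use strict';

// Capture intrinsics at load time so later tampering with Function.prototype
// (the risk raised in the quoted message) cannot change what serialize() runs.
const apply = Reflect.apply;
const fnToString = Function.prototype.toString;

// Registry of functions the module owner has vetted as pure. Membership is by
// identity and lives outside the function object, so foreign code cannot copy
// a "pure" flag onto its own function.
const knownPure = new WeakSet();

// Hypothetical helper: called only by the owner of the code.
function markPure(fn) {
  if (typeof fn !== 'function') throw new TypeError('expected a function');
  knownPure.add(fn);
  return fn;
}

// Hypothetical serializer: default-deny for anything not in the registry.
function serialize(fn) {
  if (!knownPure.has(fn)) {
    throw new Error('refusing to serialize a function not marked pure');
  }
  return apply(fnToString, fn, []);
}

// Wrapper that returns a result object instead of throwing.
function trySerialize(fn) {
  try {
    return { ok: true, source: serialize(fn) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Owned and vetted: uses nothing but its arguments.
const add = markPure(function add(a, b) { return a + b; });

// Not owned: closes over no outer variable, yet still reaches shared state,
// so it is never marked and never exported.
const unknown = function looksPure() { return Function.prototype; };

// Same source text as `add` but a different identity: still rejected.
const lookalike = function add(a, b) { return a + b; };
```
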
