On Mon 20 Jan 2014 18:39, Brendan Eich <bren...@mozilla.com> writes: > Allen Wirfs-Brock wrote: >> It isn't clear that there much need for a global name for >> GeneratorFunction. If you really eed to access it can always get it >> via: >> >> (function *() {}).constructor > > Does this present a hazard for CSP, which provides policy controls > governing Function?
Relevant spec: http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html#script-src I guess CSP needs to be updated to have similar language for GeneratorFunction as for Function. As Allen mentions, though it doesn't have a name it is accessible. I just took a look at SM and V8 and it seems both of them respect CSP for the GeneratorFunction constructor, though both are lacking test cases. Not sure how to trigger such a test case without a browser. Andy _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss