On Mon 20 Jan 2014 18:39, Brendan Eich <bren...@mozilla.com> writes:
> Allen Wirfs-Brock wrote:
>> It isn't clear that there much need for a global name for
>> GeneratorFunction. If you really eed to access it can always get it
>> via:
>>
>> (function *() {}).constructor
>
> Does this present a hazard for CSP, which provides policy controls
> governing Function?
Relevant spec:
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html#script-src
I guess CSP needs to be updated to have similar language for
GeneratorFunction as for Function. As Allen mentions, though it doesn't
have a name it is accessible.
I just took a look at SM and V8 and it seems both of them respect CSP
for the GeneratorFunction constructor, though both are lacking test
cases. Not sure how to trigger such a test case without a browser.
Andy
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
