On Sun, Jul 27, 2014 at 6:14 PM, Mark S. Miller <[email protected]> wrote: > Although there is some interesting work in trying to obtain security > relevant guarantees from a script that isn't first, where a malicious script > may instead have been first (link please if anyone has it), this work did > not seem practical to me.
I'm not familiar with actual deep research in this area for JS. Seems to me like a syntactic way of including a module that's guaranteed to be a system module (completely sealed of the shelf) would circumvent a lot of these problems. For example, a module that gives you a fresh default global object with all the built-ins guaranteed unchanged. Since the syntax can't really be affected by an earlier script and the language could define a hardcoded system module, this kind of approach seems viable to me. But we're digressing from the topic. - peter _______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
