On Wed, Nov 4, 2015 at 4:46 PM, Tom Van Cutsem <[email protected]> wrote:
> 1) If a module A hands out a reference to, say, a function f to modules B > and C, then C could use this primitive to replace f with its own proxied > version. Module B expects f to work as A intended, but module C can > completely override its behavior, stealing any arguments to the function > that B would pass. This is really bad behavior from a security and > modularity perspective. It seems like a straight forward solution for this might be adding something like `Proxy.preventTrapping(...)` and have this applied to all module exports/imports by default. Since modules work off bindings and not object properties. - Matthew Robb
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
