Responses inline. On Monday, October 1, 2018, Jordan Harband <[email protected]> wrote:
> Function.prototype.toString wouldn't suffice as a verification - you could > reconstruct it with eval, in many cases > I've specifically constructed a use that I believe cannot be reconstructed in such a way, with or without eval. And I've made it easy to share a counterexample if there is one (just copy the shareable link). and refactoring the implementation shouldn't force a change in the identity > of a function. > I disagree, since ECMAScript functions _are_ their implementations. But note that it would be trivial to extend this technique for supporting old versions, and only slightly more challenging to look for certain aspects while ignoring others. And it may also be possible to provide a function-based approach, though I'm skeptical of that because "prove you're the same as me *and* not being wrapped or impersonated" is really difficult in such a dynamic language. Regardless, the question is not whether you approve of this strategy—it's whether or not user code can implement the kind of robust and unforgeable cross-realm-compatible brand checks that are trivial with direct access to internal slots. I claim that it is, and hope that this is a stepping stone up for software and specifications that currently need to rely on layer violations. >
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
