On Feb 20, 2008, at 10:48 PM, Mark Miller wrote:

> On Wed, Feb 20, 2008 at 7:35 PM, Brendan Eich <[EMAIL PROTECTED]> wrote:
>> Now we could say something about the outer language and the kinds of
>> objects that could be injected. But now the secure dialect in the
>> sandbox is spreading its reference monitor or capability system into
>> the outer language, and that outer language can't be ES3, therefore
>> it can't be ES4-in-full (which is a superset of ES3, modulo de-facto
>> standards fixes).
>
> I do not understand this comment, and it seems crucial that I do. Can
> you please expand? Thanks.

I'll be concrete and talk about GreaseMonkey. A GM user script is evaluated in a sandbox, but privileged outer code first injects certain methods into the sandbox. Those functions delegate to their prototype for certain properties, notably Function.prototype.apply/call and the constructor property.

If a GM user script must now be written in a secure dialect, is it sufficient to ban all writes to computed property names, and to literal names not on the whitelist?

/be

_______________________________________________
Es4-discuss mailing list
https://mail.mozilla.org/listinfo/es4-discuss
