Comment #7 on issue 1444 by [email protected]: Making WeakMap security not
depending on HIDDEN_NAME being neither unguessable nor undiscoverable
http://code.google.com/p/google-caja/issues/detail?id=1444
"This would not work in the cross-frame case (e.g. a frozen object could
only be put in WeakMaps belonging to the frame that froze it)"
I forgot to answer to this part. That's actually an interesting question to
which I don't have the answer to. Is Caja capable of running script in an
iframe one of its hosts has opened before the iframe own code? If so, then,
you can alter the iframes Object.freeze.
I currently don't even know if the platform can allow the parent of a frame
to run something on the frame before the frame code executes.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
