Comment #6 on issue 1444 by [email protected]: Making WeakMap security not
depending on HIDDEN_NAME being neither unguessable nor undiscoverable
http://code.google.com/p/google-caja/issues/detail?id=1444
I didn't find a better idea than trademarking LeakyWeakMaps (and throw if
the value of HIDDEN_PROP isn't an authentic LeakyWeakMap).
Not sure how much this costs though... I imagine you already know cheap
ways to do trademarking? (the only thing I can think of in ES3 or 5 is
storing all instances in an array and search it...)
@erights: I'm not too worried about performance. This patch is doing
exactly what the previous one was doing. I just abstracted away the "keys"
and "vals" arrays. Granted, in JS all abstractions cost, but usually
marginally, not prohibitively.
But then, there is the watermarking which I don't know how to do cheaply...
In any case, agreed, it's probably something to test for.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
