Comment #9 on issue 1444 by [email protected]: Making WeakMap security not
depending on HIDDEN_NAME being neither unguessable nor undiscoverable
http://code.google.com/p/google-caja/issues/detail?id=1444
"I can't offhand think of a way to do that that doesn't either depend on an
unguessable name itself or give the target object a chance to perform a
side-effect."
There is the expensive way:
var leakyweakmaps = []
function LeakyWeakMaps(){
leakyweakmaps.push(this);
// patch code
}
// ...later...
var hiddenRecord = key[HIDDEN_NAME];
if(leakyweakmaps.indexOf(hiddenRecord) === -1)
throw new Error('HIDDEN_NAME discovered and misused! Red Alert!!')
// rest of the code
This is expensive because of the linear search... hmm... and I'm realizing
leakyweakmaps are kept forever ruining the whole point of WeakMaps :-s
I'm out of ideas too for now. Sorry :-s
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
