On Feb 14, 2014, at 9:00 AM, Erik Arvidsson <a...@chromium.org> wrote: > On Thu, Feb 13, 2014 at 9:00 PM, Maciej Stachowiak <m...@apple.com> wrote: > On Feb 13, 2014, at 4:01 PM, Alex Russell <slightly...@google.com> wrote: >> A closure is an iron-clad isolation mechanism for object ownership with >> regards to the closing-over function object. There's absolutely no iteration >> of the closed-over state of a function object; any such enumeration would be >> a security hole (as with the old Mozilla object-as-param-to-eval bug). You >> can't get the value of "foo" in this example except with the consent of the >> returned function: > >> >> var maybeVendFoo = function() { >> var foo = 1; >> return function(willMaybeCall) { >> if (/* some test */) { willMaybeCall(foo); } >> } >> }; >> >> Leakage via other methods can be locked down by the first code to run in an >> environment (caja does this, and nothing prevents it from doing this for SD >> as it can pre-process/filter scripts that might try to access internals). > > Caja is effective for protecting a page from code it embeds, since the page > can have a guarantee that its code is the first to run. But it cannot be used > to protect embedded code from a page, so for example a JS library cannot > guarantee that objects it holds only in closure variables will not leak to > the surrounding page... > > That is incorrect. It is definitely possible to write code that does not leak > to the environment. It is painful to do because like Ryosuke wrote you cannot > use any of the built in functions or objects. You can only use primitives and > literals. But with a compile to JS language this can be made less painful and > in the days of LLVM to JS compilers this seems like a trivial problem.
While it’s technically the case that one could write a Turing-complete closure that doesn’t leak any information, I think we all agree it’s so painful that nobody can do this successfully by hand without relying on heavily-weight tools such as Caja or a LLVM-to-JS compiler. Instead of accepting this is as a status quo, we should strive to improve the Web platform to provide better encapsulation. - R. Niwa