On Tue, Apr 12, 2016 at 10:45:06PM +1000, Chris Angelico wrote: > On Tue, Apr 12, 2016 at 10:42 PM, Jon Ribbens > <[email protected]> wrote: > > That's not a vulnerability, and it's something I already explicitly > > mentioned - if you can get a function to return an object's __dict__ > > then you win. The question is: can you do that? > > The question is, rather: Can you prove that we cannot?
I refer you to the answer given previously. Can you prove you cannot write code to escape JavaScript sandboxes? No? Then why have you not disabled JavaScript in your browser? _______________________________________________ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
