Re: Reflect.hasOwn() ?

2014-07-27 Thread Peter van der Zee
On Sat, Jul 26, 2014 at 5:14 PM, Mark S. Miller erig...@google.com wrote: Hi Peter, what is the security issue you are concerned about? Unless `Reflect` is completely sealed out of the box, you can never know whether properties on it are the actual built-ins. That's all. - peter

Re: Reflect.hasOwn() ?

2014-07-27 Thread David Bruant
On 27/07/2014 13:35, Peter van der Zee wrote: On Sat, Jul 26, 2014 at 5:14 PM, Mark S. Miller erig...@google.com wrote: Hi Peter, what is the security issue you are concerned about? Unless `Reflect` is completely sealed out of the box, you can never know whether properties on it are the

Re: Reflect.hasOwn() ?

2014-07-27 Thread Peter van der Zee
On Sun, Jul 27, 2014 at 1:57 PM, David Bruant bruan...@gmail.com wrote: You can deeply freeze it yourself before any other script accesses it. That's already assuming you are first. You may not be without your knowledge (ISP injection, virus hijack, garden gnomes, etc). At this point you'll be

Re: Reflect.hasOwn() ?

2014-07-27 Thread Mark S. Miller
Although there is some interesting work in trying to obtain security relevant guarantees from a script that isn't first, where a malicious script may instead have been first (link please if anyone has it), this work did not seem practical to me. My POV: A realm starts out pervasively malleable.

Re: Reflect.hasOwn() ?

2014-07-27 Thread Peter van der Zee
On Sun, Jul 27, 2014 at 6:14 PM, Mark S. Miller erig...@google.com wrote: Although there is some interesting work in trying to obtain security relevant guarantees from a script that isn't first, where a malicious script may instead have been first (link please if anyone has it), this work did

Re: Reflect.hasOwn() ?

2014-07-27 Thread Rick Waldron
On Sunday, July 27, 2014, Tab Atkins Jr. jackalm...@gmail.com wrote: On Sat, Jul 26, 2014 at 11:36 AM, Kevin Smith zenpars...@gmail.com wrote: * As far as I can tell, `hasOwnProperty` is mainly used to implement maps via objects. `Map` will eliminate this use case. To a