Comment #9 on issue 1393 by [email protected]: Last RegExp input can be accessed from anywhere
http://code.google.com/p/v8/issues/detail?id=1393

I just noticed this text in comment #7 above:

I am not aware of any attempt to stop access to RegExp.input (although it would be reasonable), but a secure environment would probably have to prevent direct access to the RegExp constructor completely (just as access to Function and eval would probably be prevented).

SES (Secure EcmaScript) as implemented on ES5 does indeed do all these when necessary, while retaining much compatibility with the spec. We replace each of these with a safe wrapper. The repair of RegExp is considered a "repair", since it is triggered by the presence of undeletable non-standard behavior, in violation of http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable . You can see which repairs happen in which browsers by visiting http://google-caja.googlecode.com/svn/trunk/src/com/google/caja/ses/explicit.html in that browser.

The RegExp wrapper is installed by the repair_REGEXP_CANT_BE_NEUTERED function, currently at http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/repairES5.js#1413

The eval wrapper is the fakeEval function, currently at http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/startSES.js#584

The Function wrapper is the FakeFunction function, currently at http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/startSES.js#564

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
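
The wrapper approach described in the comment above, as an added example that is not part of the original message and is not SES's own code: it shows the last-match state readable through the shared RegExp constructor, then a wrapper constructor that forwards construction without that state. The names checkToken, readStatics, makeSafeRegExp and withRepairedRegExp and the sample token are hypothetical, and passing the wrapper as a parameter stands in for rebinding the global RegExp.

```javascript
// Added example. All names and the sample token are hypothetical/constructed.
const LEGACY_STATICS = ['input', '$_', 'lastMatch', '$&', '$1'];

// "Trusted" code: matches a value it never hands to anyone else.
function checkToken(token) {
  return /^tok-(\w+)$/.test(token);
}

// Collect whatever last-match state is readable from a given constructor.
function readStatics(ctor) {
  const seen = {};
  for (const name of LEGACY_STATICS) {
    if (typeof ctor[name] === 'string' && ctor[name] !== '') seen[name] = ctor[name];
  }
  return seen;
}

// Wrapper constructor: same prototype, forwards construction, no static match state.
function makeSafeRegExp(UnsafeRegExp) {
  function SafeRegExp(pattern, flags) {
    return new UnsafeRegExp(pattern, flags);
  }
  Object.defineProperty(SafeRegExp, 'prototype', { value: UnsafeRegExp.prototype });
  return Object.freeze(SafeRegExp);
}

// Run `fn` with the wrapper while `.constructor` on every regex also points
// at it, so a literal such as /x/ is not a path back to the original.
function withRepairedRegExp(fn) {
  const proto = RegExp.prototype;
  const saved = Object.getOwnPropertyDescriptor(proto, 'constructor');
  const SafeRegExp = makeSafeRegExp(RegExp);
  Object.defineProperty(proto, 'constructor', { ...saved, value: SafeRegExp });
  try {
    return fn(SafeRegExp);
  } finally {
    Object.defineProperty(proto, 'constructor', saved); // undo for this demo only
  }
}

function demo() {
  checkToken('tok-s3cr3t');
  const before = readStatics(RegExp); // unrelated code sees the token
  const after = withRepairedRegExp((R) => {
    checkToken('tok-s3cr3t');
    return { direct: readStatics(R), viaLiteral: readStatics(/x/.constructor), works: new R('^a+$').test('aaa') };
  });
  return { before, after };
}
```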
