Mark S. Miller (2014-09-28T15:58:21.000Z)
domenic at domenicdenicola.com (2014-10-05T23:37:33.978Z)
On Sun, Sep 28, 2014 at 5:59 AM, Axel Rauschmayer <axel at rauschma.de> wrote: > Out of historical curiosity: was `Function.arguments` ever useful for > anything? It was useful to illustrate some attacks http://research.google.com/pubs/pub37199.html. If we had not successfully prohibited arguments from non-sloppy functions, or if we had not successfully prevented sloppy function from being accessible in SES, then it would have been useful for actual attacks. > Why not simply use `arguments`? Because the attacks relied on obtaining the arguments from a function that was not trying to disclose these arguments.