Mark S. Miller (2015-04-29T17:37:41.000Z)
d at domenic.me (2015-05-11T16:44:06.640Z)
On Wed, Apr 29, 2015 at 10:26 AM, C. Scott Ananian <ecmascript at cscott.net> wrote: > How about: Isn't this still vulnerable to the Promise.resolve attack? IIUC, this attack enables the attacker to cause this.constructor to lie, so how would checking it help?