Mark S. Miller (2015-04-29T18:30:50.000Z)
d at domenic.me (2015-05-11T16:45:26.574Z)
On Wed, Apr 29, 2015 at 11:12 AM, C. Scott Ananian <ecmascript at cscott.net> wrote:

> Assuming that you don't export DefensivePromise to the attacker, this is
> fine. Otherwise, I think this is still vulnerable to Reflect.construct
> lying about new.target:

Clever. Yes, this attack works.

> Since it's `Promise.then` you care about, I think the approach in my
> previous message (where `then` is tested directly) is preferable.

As demonstrated, vulnerable to TOCTTOU.