[Caja] Language-Based Isolation of Untrusted JavaScript

# David-Sarah Hopwood (16 years ago)

TobyMurray wrote:

Hi caja folks,

I expect you're all aware of this but I wanted to mention a paper I recently came across.

There is some really interesting formal work being done on secure [subsets] of JavaScript. The paper whose title is the subject of this post is particularly relevant and is available at: www.doc.ic.ac.uk/~maffeis/csf09.pdf

I wasn't aware of this paper, thanks.

First a technical question. The paper says in Definition 2 that, apart from numeric properties, the properties

toString, toNumber, valueOf, length, prototype, constructor, message, arguments, Object, Array, RegExp

can be accessed implicitly. However no 'toNumber' property is mentioned anywhere in the ECMAScript specs, and I don't know of any implementation-specific property of that name. Have I missed something, or is 'toNumber' a figment of the authors' imagination? (This is unfortunately almost impossible to search for.)

TobyMurray wrote:
> Hi caja folks,
> 
> I expect you're all aware of this but I wanted to mention a paper I
> recently came across.
>
> There is some really interesting formal work being done on secure
> [subsets] of JavaScript. The paper whose title is the subject of this
> post is particularly relevant and is available at:
> http://www.doc.ic.ac.uk/~maffeis/csf09.pdf

I wasn't aware of this paper, thanks.

First a technical question. The paper says in Definition 2 that,
apart from numeric properties, the properties

  toString, toNumber, valueOf, length, prototype,
  constructor, message, arguments, Object, Array, RegExp

can be accessed implicitly. However no 'toNumber' property is
mentioned anywhere in the ECMAScript specs, and I don't know of
any implementation-specific property of that name. Have I missed
something, or is 'toNumber' a figment of the authors' imagination?
(This is unfortunately almost impossible to search for.)

-- 
David-Sarah Hopwood ⚥

# Brendan Eich (16 years ago)

On May 11, 2009, at 3:14 PM, David-Sarah Hopwood wrote:

can be accessed implicitly. However no 'toNumber' property is mentioned anywhere in the ECMAScript specs, and I don't know of any implementation-specific property of that name. Have I missed something, or is 'toNumber' a figment of the authors' imagination? (This is unfortunately almost impossible to search for.)

I reviewed an older draft and passed along this correction to Sergio
et al. It is just a mistake.

For some reason many people also expect a toNumber conversion hook.

On May 11, 2009, at 3:14 PM, David-Sarah Hopwood wrote:

> can be accessed implicitly. However no 'toNumber' property is
> mentioned anywhere in the ECMAScript specs, and I don't know of
> any implementation-specific property of that name. Have I missed
> something, or is 'toNumber' a figment of the authors' imagination?
> (This is unfortunately almost impossible to search for.)

I reviewed an older draft and passed along this correction to Sergio  
et al. It is just a mistake.

For some reason many people also expect a toNumber conversion hook.

/be