Notes from the 2nd Meeting on Secure ECMAScript
November 18, 2008
SHEET ONE
Valija
String.prototype.foo = function () {
    return this;
};
...
... "zip".foo() ...
... "zip".foo.call("zip") ...
Cajita
function re() {
    "use strict,cajita";
    [strike]return zip.foo();
}
SHEET TWO
foo.addListener(listener)
this.myObserver = listener;
function somethingElse() {
this.myObserver(...);
(true && this).myObserver(...);
this.myObserver.call(this, ...);
a.sort();
SHEET THREE
[Valija, MS Web Sandbox]
[ADsafe, Dojo.Secure, Cajita, Jacaranda]
SHEET FOUR
ADS
APPS
MASHUPS
No overt channels
Primordial Objects Frozen
use lexical scope
eval
- .constructor
- .prototype
immutable functions
this limitation
Object limitation
SHEET FIVE
var tab = new WeakKeyTable()
tab.set(k, v)
tab.set(k)
obj[n] vs n.get(obj)
obj[n] = v vs n.set(obj, v)