167Re: ADsafe rules
- Apr 5, 2008I want .get and .set to work without blacklists. They are intended to
get and set data members in objects. So that is all they will allow.
They will not get or set function values. They will not manipulate
was a mistake.
Some of the member restrictions are motivated by obvious attacks
(apply, call, eval, prototype, watch). Some are to prevent rights
amplification even in cases where that does not lead to known exploits
(callee, caller, constructor, unwatch). Some are because they make me
- << Previous post in topic Next post in topic >>