Loading ...
Sorry, an error occurred while loading the content.

226Re: [caplet] adsafe.js

Expand Messages
  • David-Sarah Hopwood
    Jun 6, 2008
    • 0 Attachment
      David-Sarah Hopwood wrote:
      > Note that, unlike in Caja or Jacaranda, these methods cannot refer to
      > 'this', because ADsafe does not prevent obtaining a property that holds
      > a function and then calling it with 'this' bound to the global object.
      > ADsafe also does not prevent setting arbitrary properties (unless they
      > start with _ or are blacklisted), so there is no encapsulation between
      > objects created by a given script, including handle objects. However,
      > encapsulation is not strictly needed for ADsafe's threat model.

      I was slightly unclear here. Encapsulation of the underlying DOM node
      objects from the script is required; in the implementation I suggested,
      that is achieved by a combination of holding the node in a property that
      starts with _, and lexical closures. Encapsulation of other properties
      of the handle objects from the script is not required: it does not matter
      that a script can replace methods of a handle object, for example.

      --
      David-Sarah Hopwood
    • Show all 7 messages in this topic