It is possible for map/reduce functions to modify the JS global object. This state will persist between calls and could be exploited.
Using JS_DeepFreezeObject on the global prevents new code (map/reduce) being run in the thread context since it prevents any modifications being made to the runtime.
Ideally the map function should not be able to modify the global object or alternately the global object should be reset at the end of the map/reduce pass.
It is possible for map/reduce functions to modify the JS global object. This state will persist between calls and could be exploited.
Using JS_DeepFreezeObject on the global prevents new code (map/reduce) being run in the thread context since it prevents any modifications being made to the runtime.
Ideally the map function should not be able to modify the global object or alternately the global object should be reset at the end of the map/reduce pass.