Membrane API: Lock down sensitive methods

ajvincent / es-membrane

An ECMAScript implementation of a Membrane, allowing users to dynamically hide, override, or extend objects in JavaScript with controlled effects on the original objects.

111 stars 13 forks source link

Membrane API: Lock down sensitive methods #44

Open ajvincent opened 8 years ago

ajvincent commented 8 years ago

If a Membrane object leaks out, there are several ways a bad actor could cause problems:

Membrane.prototype.preventModifications() should be defined to prevent:

[ ] Creating a new ObjectGraphHandler
[ ] Calling convertArgumentToProxy with an override

The dogfood membrane can prevent some things:

[ ] Accessing the map, handlerStack, handlersByFieldName or modifyRules properties
[ ] Calling private methods.

Required for #5. Probably dependent on #6.

ajvincent commented 8 years ago

This might be achievable by revoking the "public" Membrane proxy, but that could also disable the ability to create new proxies in that membrane after the revocation.