Currently, the this value in module scope is globalThis. This is a gap in fidelity, since it should be undefined, but is not a leak. This change alters the signature of the module functor generated by StaticModuleRecord such that this is bound to undefined with the existing instantiation code in ses. This also ensures that the undeniable arguments lexical name reveals nothing about the evaluator or module calling convention to the module.
This will break any program that depends on this being bound to globalThis. Since all such programs were already invalid and would not work in other environments like Node.js, I am choosing to treat this as a non-breaking-change, even though it may require bug-fixes elsewhere to reconcile versions.
Security Considerations
This change does not add or remove any capabilities from the scope of modules, just requires that globalThis to be spelled out in full.
Scaling Considerations
This should not affect scale.
Documentation Considerations
This makes behavior more consistent with expectations documented for ESM generally.
Testing Considerations
I’ve included a ses test that was breaking before the change to static-module-record.
Upgrade Considerations
This change will alter the hash of the Agoric kernel modules and will get picked up when bundles get regenerated. Some contracts may have bugs where this is assumed to be globalThis.
Description
Currently, the
thisvalue in module scope isglobalThis. This is a gap in fidelity, since it should beundefined, but is not a leak. This change alters the signature of the module functor generated byStaticModuleRecordsuch thatthisis bound toundefinedwith the existing instantiation code inses. This also ensures that the undeniableargumentslexical name reveals nothing about the evaluator or module calling convention to the module.This will break any program that depends on
thisbeing bound toglobalThis. Since all such programs were already invalid and would not work in other environments like Node.js, I am choosing to treat this as a non-breaking-change, even though it may require bug-fixes elsewhere to reconcile versions.Security Considerations
This change does not add or remove any capabilities from the scope of modules, just requires that
globalThisto be spelled out in full.Scaling Considerations
This should not affect scale.
Documentation Considerations
This makes behavior more consistent with expectations documented for ESM generally.
Testing Considerations
I’ve included a
sestest that was breaking before the change tostatic-module-record.Upgrade Considerations
This change will alter the hash of the Agoric kernel modules and will get picked up when bundles get regenerated. Some contracts may have bugs where
thisis assumed to beglobalThis.