endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0

Feature Request: `compartment.globalThis.AsyncFunction` #1995

Open serapath opened 10 months ago

serapath commented 10 months ago

After playing a bit with vanilla JS to explore how to defend against code accessing `(()=>{}).constructor` and `(async()=>{}).constructor`, and having learned about `Object.defineProperty` not being able to change `writable` for async functions to `true`, but `Object.defineProperties` can, I managed to prevent code from accessing them.

Anyway, I do think it would be cool to have access to Function and AsyncFunction in sandboxed code without access to the real global object, hence the feature request for:

`compartment.globalThis.AsyncFunction`

cheers :-)
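
The defense described in the comment above, as an added vanilla-JS example that is not part of the thread and not Endo's own code. The helper names (`functionPrototypes`, `auditConstructors`, `tameConstructors`) are hypothetical, and the example also covers the generator and async-generator constructors, which are reachable the same way.

```javascript
// Added illustration (not Endo/SES source). Helper names are hypothetical.

// The function-constructor intrinsics are reachable from syntax alone,
// so hiding the global object does not hide them.
function functionPrototypes() {
  return {
    Function: Object.getPrototypeOf(() => {}),
    AsyncFunction: Object.getPrototypeOf(async () => {}),
    GeneratorFunction: Object.getPrototypeOf(function* () {}),
    AsyncGeneratorFunction: Object.getPrototypeOf(async function* () {}),
  };
}

// True when the `constructor` found on a prototype still compiles
// source text into a function.
function compilesSource(proto) {
  try {
    return typeof proto.constructor('return 1') === 'function';
  } catch (err) {
    return false;
  }
}

// Report which paths are open, e.g. { Function: true, AsyncFunction: true, ... }
function auditConstructors() {
  const report = {};
  for (const [name, proto] of Object.entries(functionPrototypes())) {
    report[name] = compilesSource(proto);
  }
  return report;
}

// Replace each `constructor` with an inert function that throws, and lock
// the property so later code cannot redefine it.
function tameConstructors() {
  for (const [name, proto] of Object.entries(functionPrototypes())) {
    const inert = function () {
      throw new TypeError(`${name} constructor is disabled`);
    };
    inert.prototype = proto; // keeps `fn instanceof fn.constructor` working
    Object.defineProperties(proto, {
      constructor: { value: inert, writable: false, enumerable: false, configurable: false },
    });
  }
}
```

This closes only the path through function syntax. The global binding `Function` is untouched, which matches the thread's premise that guest code has no access to the real global object.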

kriskowal commented 10 months ago

If it’s a bridge too far to add a per-compartment `AsyncFunction`, we could provide `compartment.AsyncFunction` and give the holder the option to endow that onto the Compartment.