svnlabs / google-caja

Automatically exported from code.google.com/p/google-caja

Deal with Object.observe() #1936

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Object.observe is present in Chrome 36. Object.observe can break the WeakMap 
emulation. WeakMap has also been enabled in the same version, so the emulation 
will not be used in this case.

However, WeakMap.js should, for correctness, do one of: 
1. patching Object.observe to suppress the hidden name,
2. deleting Object.observe, or
3. refusing to run.

For plain SES/Caja sandboxing, even if we had observe but not WeakMap, there 
would be no effects because Object.observe is not on the SES whitelist.

There would be a problem if innocent code was using Object.observe on objects 
given to it by guest code, and passing information about keys back, but that is 
already a potential problem since the host frame isn't patched to hide the 
hidden property.

Original issue reported on code.google.com by kpreid@google.com on 8 Sep 2014 at 5:26
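
Option 1 from the comment above, sketched as an added example (not Caja's WeakMap.js code and not part of the original issue): observe/unobserve are wrapped so change records that name the hidden property are filtered out before any callback sees them. `HIDDEN_NAME`, `suppressHiddenName`, `makeStandIn` and `observedNames` are hypothetical names, and because Object.observe is no longer shipped by current engines the block runs against a constructed stand-in that delivers change records synchronously.

```javascript
// Hypothetical name standing in for the emulation's hidden property.
const HIDDEN_NAME = 'hidden_weakmap_key___';

// Option 1: wrap observe/unobserve on `host` so records naming `hiddenName` are dropped.
function suppressHiddenName(host, hiddenName) {
  if (typeof host.observe !== 'function') return; // nothing to patch
  const origObserve = host.observe, origUnobserve = host.unobserve;
  const pairs = []; // [callback, wrapper], so unobserve finds the wrapper
  const wrapperFor = (callback) => {
    let pair = pairs.find((p) => p[0] === callback);
    if (!pair) {
      pairs.push(pair = [callback, function (changes) {
        const visible = changes.filter((c) => c.name !== hiddenName);
        if (visible.length > 0) callback.call(this, visible);
      }]);
    }
    return pair[1];
  };
  host.observe = (o, cb, accept) => origObserve.call(host, o, wrapperFor(cb), accept);
  host.unobserve = (o, cb) => origUnobserve.call(host, o, wrapperFor(cb));
}

// Constructed stand-in for the observe API; delivers records synchronously.
function makeStandIn() {
  let observers = [];
  return {
    observe(obj, cb) { observers.push({ obj, cb }); },
    unobserve(obj, cb) {
      observers = observers.filter((o) => o.obj !== obj || o.cb !== cb);
    },
    add(obj, name, value) { // simulate a property add and its change record
      obj[name] = value;
      const records = [{ type: 'add', object: obj, name }];
      observers.filter((o) => o.obj === obj).forEach((o) => o.cb(records));
    },
  };
}

// Returns the property names an observer of `key` gets to see.
function observedNames(patch) {
  const host = makeStandIn(), key = {}, seen = [];
  if (patch) suppressHiddenName(host, HIDDEN_NAME);
  const cb = (changes) => changes.forEach((c) => seen.push(c.name));
  host.observe(key, cb);
  host.add(key, HIDDEN_NAME, {}); // assumed: emulation tagging a key object
  host.add(key, 'color', 'red');  // ordinary change, must still be delivered
  host.unobserve(key, cb);
  host.add(key, 'size', 1);       // not delivered once unobserved
  return seen;
}
```

`observedNames(false)` shows the leak the issue describes (the observer learns the hidden name); `observedNames(true)` shows only the ordinary property after patching.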

GoogleCodeExporter commented 9 years ago

Original comment by erights@google.com on 15 Feb 2015 at 7:58