Closed bergus closed 8 years ago
This is common feedback, that introducing new code into environments that are not expecting it is an issue. It's on my to-do list to address it, but there are two immediate responses:
f
, pass it function () { try { return f.apply(this, arguments); } cancel catch (e) { } }
, and it will never see any cancel catch completions.This is common feedback
Ah, I had not seen it before, so I just thought to open an issue. Glad that you were going to address it anyway.
An easy example is proxies, where you can make code throw (or do any arbitrary computation) that was never expecting it before.
Hm, expecting user-supplied code or values to throw (e.g. with a getter) is one thing, expecting it not to return but still return (not hang) is another thing.
New approach no longer experiences this issue.
Thanks!
I see many other problems with introducing a new completion type, but in this issue I want to discuss the security implications. Does this allow new kinds of attacks on code that was not designed to cope with cancellations? I say yes. Consider the following crude example
Here the user is allowed to supply some
action
, but we ensure our state never becomes invalid. It's even guarded against reentrancy so that the user cannot fire asubmit
event during hisaction
.However, the picture changes with
cancel throw
. Here the user can doand when he later submits, we do have a problem.