tc39 / proposal-shadowrealm

ECMAScript Proposal, specs, and reference implementation for Realms
https://tc39.es/proposal-shadowrealm/

Normative: Relax restrictions from the HostInitializeSyntheticRealm #316

Closed leobalter closed 3 years ago

kriskowal commented 3 years ago

There is a provision that within a realm the globalThis must be an ordinary object.

On Wed, Jun 9, 2021 at 9:45 PM Jack Works @.***> wrote:

@Jack-Works commented on this pull request.

In spec.html https://github.com/tc39/proposal-realms/pull/316#discussion_r648845329:

@@ -388,6 +385,13 @@

Runtime Semantics: HostInitializeSyntheticRealm ( realm )

including HTMLElement, console, localStorage, fetch, etc..

  • The Realm constructor (
  • creates a new global object as an ordinary object. This
  • means all properties from the global object are deletable.
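
Review bot: In the added bullets, "This means all properties from the global object are deletable" does not follow from the global being an ordinary object alone, because an ordinary object can still hold non-configurable properties. Suggest stating the requirement directly, for example that every property the host places on the global object must be configurable, rather than deriving it from "ordinary object".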

What if an exotic object removes the property but adds it back in the future?


mhofman commented 3 years ago

What if an exotic object removes the property but adds it back in the future?

@Jack-Works then the global object is not an ordinary object :)

Is there any invariant anywhere that says the host cannot add properties to an ordinary object, in particular globalThis, in an "unexpected way", e.g. without any user code invoking a host function or host hook executing?

I don't think any host currently does this, but if a host mutates the global context of its own accord after the initial user code executes, it would enable a lockdown bypass.
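
The cases raised in this thread (a global property that cannot be deleted, one that is deleted but comes back, and one the host adds later) can be checked from user code; the following is an added example, not code from the pull request or the proposal. The names `scrub`, `unexpectedKeys`, `makeResurrectingGlobal` and the allowlist are hypothetical, and the sample globals are constructed plain objects and a Proxy rather than a real realm's `globalThis`.

```javascript
// Added example; all names and sample globals here are hypothetical.
const ALLOWED = new Set(['Object']); // constructed allowlist

// Delete every own property outside the allowlist; return the keys that resist.
function scrub(globalObj, allowed = ALLOWED) {
  const stuck = [];
  for (const key of Reflect.ownKeys(globalObj)) {
    if (allowed.has(key)) continue;
    const desc = Reflect.getOwnPropertyDescriptor(globalObj, key);
    const deleted = !desc || (desc.configurable && Reflect.deleteProperty(globalObj, key));
    if (!deleted) stuck.push(key);
  }
  return stuck;
}

// Later re-check: keys outside the allowlist came back or were added after the scrub.
function unexpectedKeys(globalObj, allowed = ALLOWED) {
  return Reflect.ownKeys(globalObj).filter((key) => !allowed.has(key));
}

// Constructed exotic global: deletion succeeds, the next enumeration restores it.
function makeResurrectingGlobal() {
  const removed = new Map();
  return new Proxy({ Object, fetch() {} }, {
    deleteProperty(target, key) {
      removed.set(key, Reflect.getOwnPropertyDescriptor(target, key));
      return Reflect.deleteProperty(target, key);
    },
    ownKeys(target) {
      for (const [key, desc] of removed) Reflect.defineProperty(target, key, desc);
      removed.clear();
      return Reflect.ownKeys(target);
    },
  });
}

function demo() {
  const pinned = Object.defineProperty({ Object }, 'fetch', { value() {}, configurable: false });
  const exotic = makeResurrectingGlobal();
  const hostMutated = { Object, fetch() {} };
  const result = {
    pinned: scrub(pinned),
    exotic: [scrub(exotic), unexpectedKeys(exotic)],
    hostMutated: [scrub(hostMutated)],
  };
  hostMutated.console = {}; // stands in for a host adding a global on its own
  result.hostMutated.push(unexpectedKeys(hostMutated));
  return result;
}
```

A one-time scrub reports only the non-configurable property; the resurrecting and host-mutated cases show up only when the key set is checked again afterwards.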