Thank you.
-- pesan asli --
Subjek: Re: [v8-users] Best way to protect against external JS affecting
internal JS
Dari: Toon Verwaest verwa...@chromium.org
Tanggal: 13-03-2013 21.23
Once we have proper symbol (private names) support, you could use that to
make your own internal API.
On Wed, Mar 13, 2013 at 2:56 PM, Michael Schwartz myk...@gmail.com wrote:
Can Harmony Proxies be used to detect when the prototypes or builtins are
being overridden?
If so, you could save the original and provide a new API to fetch the
original.
On Mar 13, 2013, at 3:01 AM, Jakob Kummerow jkumme...@chromium.org
wrote:
On Tue, Mar 12, 2013 at 11:56 PM, Benjamin Kalman kal...@chromium.orgwrote:
I'm on the Chrome Extensions team, and we've run into a problem where
extensions override Array.prototype.forEach in a way that breaks our
internal JS.
A workaround we've done is to write our own forEach method, but this
problem is widespread - extensions also override JSON,
document.createElement, etc - the vector for accidental breakage is as
widespread as all of the JS and DOM libraries.
Welcome to JavaScript! Have you considered using a language with a sane
specification?
What is the best way to protect against this in a general way?
There is none. Being able to monkey-patch everything is a feature of the
language. Fun fact: some properties are read-only, so they can be relied
upon. Or can they?
Math.PI
3.141592653589793
Math.PI = 4
Math.PI
3.141592653589793
Math = {PI: 4}
Math.PI
4
The only safe thing I can think of is to run all our code in a separate
context, but I've been told that creating contexts is an expensive
operation. How expensive?
Have you tried benchmarking it? If you can't measure it, it's not
important. If you can, you'll have data to help decide whether the
difference is a problem in your use case or not.
Alternatively, apparently v8 has solved this problem internally by
guaranteeing that it's running the builtin libraries - is/can this be
exposed?
Sorry, no.
You can lobby for an official way to retrieve the original unpatched
implementations to be included in ECMAScript 7. The general problem with
introducing sanity, however, is that you can't break existing code, which
basically means that all the good stuff has to be opt-in, which in turn
means that the original problem doesn't just go away, instead you'll still
have to support it until it slowly dies out, if ever.
Crazy idea: how about a rule for the Chrome web store that forbids
monkey-patching builtins? :-)
Cheers,
Ben.
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
v8-users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
v8-users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
v8-users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
v8-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
v8-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.