Thank you. -- pesan asli -- Subjek: Re: [v8-users] Best way to protect against external JS affecting internal JS Dari: Toon Verwaest <verwa...@chromium.org> Tanggal: 13-03-2013 21.23
Once we have proper symbol (private names) support, you could use that to make your own internal API. On Wed, Mar 13, 2013 at 2:56 PM, Michael Schwartz <myk...@gmail.com> wrote: > Can Harmony Proxies be used to detect when the prototypes or builtins are > being overridden? > > If so, you could save the original and provide a new API to fetch the > original. > > On Mar 13, 2013, at 3:01 AM, Jakob Kummerow <jkumme...@chromium.org> > wrote: > > On Tue, Mar 12, 2013 at 11:56 PM, Benjamin Kalman <kal...@chromium.org>wrote: > >> I'm on the Chrome Extensions team, and we've run into a problem where >> extensions override Array.prototype.forEach in a way that breaks our >> internal JS. >> >> A workaround we've done is to write our own forEach method, but this >> problem is widespread - extensions also override JSON, >> document.createElement, etc - the vector for accidental breakage is as >> widespread as all of the JS and DOM libraries. >> > > Welcome to JavaScript! Have you considered using a language with a sane > specification? > > >> What is the best way to protect against this in a general way? >> > > There is none. Being able to monkey-patch everything is a "feature" of the > language. Fun fact: some properties are read-only, so they can be relied > upon. Or can they? > > Math.PI > 3.141592653589793 > > Math.PI = 4 > > Math.PI > 3.141592653589793 > > Math = {PI: 4} > > Math.PI > 4 > > >> The only safe thing I can think of is to run all our code in a separate >> context, but I've been told that creating contexts is an expensive >> operation. How expensive? >> > > Have you tried benchmarking it? If you can't measure it, it's not > important. If you can, you'll have data to help decide whether the > difference is a problem in your use case or not. > > >> Alternatively, apparently v8 has solved this problem internally by >> guaranteeing that it's running the builtin libraries - is/can this be >> exposed? >> > > Sorry, no. > You can lobby for an official way to retrieve the original unpatched > implementations to be included in ECMAScript 7. The general problem with > introducing sanity, however, is that you can't break existing code, which > basically means that all the good stuff has to be opt-in, which in turn > means that the original problem doesn't just go away, instead you'll still > have to support it until it slowly dies out, if ever. > > Crazy idea: how about a rule for the Chrome web store that forbids > monkey-patching builtins? :-) > > >> Cheers, >> Ben. >> >> -- >> -- >> v8-users mailing list >> v8-users@googlegroups.com >> http://groups.google.com/group/v8-users >> --- >> You received this message because you are subscribed to the Google Groups >> "v8-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to v8-users+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.