related: are explicitly bound functions going to get a 'target' reference
to the unbound function in ES6? I've manually set this property many times
(mainly for debugging)
On Thu, May 31, 2012 at 9:05 PM, Mark S. Miller <erig...@google.com> wrote:
> On Thu, May 31, 2012 at 7:44 PM, David Herman <dher...@mozilla.com> wrote:
> > On May 31, 2012, at 2:40 PM, Mark S. Miller wrote:
> >
> >> if (isBoundOrWhateverWeCallIt(f)) {
> >> //... do something
> >> } else {
> >> //... do something else
> >> }
> >>
> >> If the predicate means what I think it should mean, I can offer some
> examples of when I would do this.
> >
> > Could you? I haven't yet understood what you want your predicate to mean
> or what you want it for.
>
> Take a look at slides 45 and 46 of
> http://www.infoq.com/presentations/Secure-Mashups-in-ECMAScript-5
>
> http://qconsf.com/dl/qcon-sanfran-2011/slides/MarkS.Miller_RemainingHazardsAndMitigatingPatternsOfSecureMashupsInEcmaScript5.pdf
>
> Rewind first to remind yourself of enough context to get the point.
>
> Rather than teach defensive programmers to write
> "(1,subscribers[+i])(publication);", I think it is both more robust
> and more teachable to teach them to do input validation where they
> accept a function that they expect to not be this-sensitive.
>
> subscribe: function(subscriber) {
> if (!isBoundThisOrWhateverWeCallIt(subscriber)) {
> throw Error("only non-this-sensitive functions (such as
> bound functions) may be subscribers");
> }
> subscribers.push(subscriber);
> }
>
> Amusingly, the example becomes exactly the inverse of Allen's,
> leveraging soundness rather than fighting incompleteness.
>
> We could instead make the subscribe method defensive by writing
>
> subscribe: function(subscriber) {
> subscribers.push(subscriber.bind(undefined));
> }
>
> This would be as safe; it would successfully prevent the same attacks.
> When the attacks are due to malice, this would be as good -- better
> since it is simpler. But most "attacks" are actually accidents, not
> malice. This simpler alternative fails to give an early diagnostic to
> accidental attackers -- which is directly analogous to the test's
> purpose in Allen's code. The "(1,subscribers[+i])" technique shown on
> the slide has the same lack-of-early feedback problem.
>
> With the isBoundThisOrWhateverWeCallIt test as previously proposed,
> callers of subscribe can only successfully call it with either a fat
> arrow function or a bound function, which is often an unnecessary
> burden on these callers. With the test I propose, callers can also
> successfully call it with any function that neither mentions this nor
> contains a direct eval operator. The remaining false negatives of my
> test would cause only the minor annoyance of "unnecessarily" rejecting
> "safe" cases like
>
> subscribe(function() { if (false) { doSomethingWith(this); } });
>
> --
> Cheers,
> --MarkM
> _______________________________________________
> es-discuss mailing list
> es-discuss@mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
