I see this code in dom.js:
val = insecureObject[name]; // getter is safe
Now this may not be true if:
function MyClass() {}
MyClass.prototype = {
get myValue() { return 'do something nasty here'; }
}
var mc = new MyClass();
mc["myValue"];
mc["myValue"] actually executes the code, so therefore the [] getter
is not retrieving a value, but executing code. Therefore, I could I
not gain secure access to the browser by someone inspecting my JS
object?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Firebug" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/firebug?hl=en
-~----------~----~----~----~------~----~------~--~---
