Confirmed users
764
edits
(Copied from https://wiki.mozilla.org/User:Adw/Jetpack_reboot_questions) |
No edit summary |
||
Line 19: | Line 19: | ||
is suddenly subject to exploit because <tt>this</tt> could be set to something the client code passes in, and which they can "fake" to do malicious things. While it's certainly possible to treat <tt>this</tt> suspiciously and write secure code with it, I'd personally much rather just avoid the use of <tt>this</tt> to spare my brain the extra paranoia, unless there's some significant advantage to allowing the client to specify <tt>this</tt> themselves. | is suddenly subject to exploit because <tt>this</tt> could be set to something the client code passes in, and which they can "fake" to do malicious things. While it's certainly possible to treat <tt>this</tt> suspiciously and write secure code with it, I'd personally much rather just avoid the use of <tt>this</tt> to spare my brain the extra paranoia, unless there's some significant advantage to allowing the client to specify <tt>this</tt> themselves. | ||
''adw: OK, I say we outlaw it then, outside of constructors, for all code accepted into the Jetpack platform, including capabilities | ''adw: OK, I say we outlaw it then, outside of constructors, for all code accepted into the Jetpack platform, including capabilities, exceptions where appropriate.'' | ||
'''How should capabilities throw exceptions? Need to do something special to show a proper stack? A common <tt>JetpackError</tt> prototype?''' | '''How should capabilities throw exceptions? Need to do something special to show a proper stack? A common <tt>JetpackError</tt> prototype?''' |