« Bugzilla Issues Index
#1075 — ES5 forgot to specify safe .caller and .arguments behaviors for built-in functions
- bug_id:
1075
- creation_ts:
2012-11-27 12:35:00 -0800
- short_desc:
ES5 forgot to specify safe .caller and .arguments behaviors for built-in functions
- delta_ts:
2015-02-19 22:03:38 -0800
- product:
Draft for 6th Edition
- component:
normative change from ES5.x
- version:
Rev 12: November 22, 2012 Draft
- rep_platform:
All
- op_sys:
All
- bug_status:
RESOLVED
- resolution:
FIXED
- bug_file_loc:
http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable
- priority:
Normal
- bug_severity:
blocker
- everconfirmed:
true
- reporter:
Mark Miller
- assigned_to:
Allen Wirfs-Brock
- cc:
erights
- commentid:
2876
- comment_count:
0
- who:
Mark Miller
- bug_when:
2012-11-27 12:35:31 -0800
ES5 was only careful for three categories of functions: strict, non-strict, and bound, all of which were specified to enable an SES initialization to secure the realm for ocap safety. However, ES5 forgot to do so for built-in functions, and some allowed implementations in the past were not practically securable for this reason: they had the old magic behavior *and* were not deletable.
There's another leak as well: [[Get]] on non-strict functions were specified not to reveal a strict caller. But we forgot to specify that it couldn't reveal a built-in or bound caller.
- commentid:
12548
- comment_count:
1
- who:
Allen Wirfs-Brock
- bug_when:
2015-02-13 10:02:43 -0800
fixed in rev34 editor's draft
paragraph one has was addressed a long time ago
in rev34 modified 9.2.1 such that all callables, except for sloppy mode ES functions are censored.
- commentid:
13062
- comment_count:
2
- who:
Allen Wirfs-Brock
- bug_when:
2015-02-19 19:10:57 -0800
fixed in rev34
- commentid:
13173
- comment_count:
3
- who:
Mark Miller
- bug_when:
2015-02-19 22:03:38 -0800
See https://bugs.ecmascript.org/show_bug.cgi?id=1223