Status: New
Owner: ----
Labels: Type-Defect Priority-Medium Component-SES
New issue 1936 by
kpr...@google.com: Deal with Object.observe()
https://code.google.com/p/google-caja/issues/detail?id=1936
Object.observe is present in Chrome 36. Object.observe can break the
WeakMap emulation. WeakMap has also been enabled in the same version, so
the emulation will not be used in this case.
However, WeakMap.js should, for correctness, do one of:
1. patching Object.observe to suppress the hidden name,
2. deleting Object.observe, or
3. refusing to run.
For plain SES/Caja sandboxing, even if we had observe but not WeakMap,
there would be no effects because Object.observe is not on the SES
whitelist.
There would be a problem if innocent code was using Object.observe on
objects given to it by guest code, and passing information about keys back,
but that is already a potential problem since the host frame isn't patched
to hide the hidden property.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings