[Webkit-unassigned] [Bug 151134] JS builtins should use secured functions

bugzilla-daemon at webkit.org
Thu Nov 12 01:08:00 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151134

--- Comment #3 from Xabier Rodríguez Calvar <calvaris at igalia.com> ---
(In reply to comment #2)
> I wonder how much of these unsafe cases can be flagged using static
> analysis/style checking tools.
> 
> Do we have a JS style checker?
> Would it be also useful for the inspector code?

I don't know if a style checker is enough. It might be a step forward, but from my POV there are tons of unsafe operations. Take an array as an example. We use array operations throughout the builtins. A malicious change in the array prototype could be devastating (I haven't tried, though). Yes, we could do something similar to what we did with the promises in streams and use internal prototype operations, but the more you do this, the more you make your code absolutely unreadable.

I think the situation should be solved in a different way, which could be marking builtin code with a secure flag that would make some operations safe by default, preventing any disruption from the user's world.

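As an added illustration (not code from WebKit or from this thread), the snippet below contrasts, in plain JavaScript, a builtin-style helper that reaches through Array.prototype on every call with one that captures the intrinsic at load time, which is the "internal prototype operations" idea the comment refers to. The tampered prototype is constructed inline purely to show the effect; the names collectNaive, collectHardened and withTamperedPush are hypothetical.

```javascript
// Capture the intrinsic we depend on once, at load time, before any page
// script runs. Function.prototype.call.bind(push) yields a callable that
// keeps working no matter what Array.prototype.push points to later.
const intrinsicPush = Array.prototype.push;
const callPush = Function.prototype.call.bind(intrinsicPush);

// Naive builtin-style helper: out.push resolves through the prototype
// chain at call time, so a page that replaces Array.prototype.push owns it.
// (An index loop is used on purpose: for-of would also reach through
// Array.prototype[Symbol.iterator], another tamperable surface.)
function collectNaive(values) {
  const out = [];
  for (let i = 0; i < values.length; i++) out.push(values[i]);
  return out;
}

// Hardened helper: same logic, but using the captured intrinsic.
function collectHardened(values) {
  const out = [];
  for (let i = 0; i < values.length; i++) callPush(out, values[i]);
  return out;
}

// Constructed scenario: run fn while Array.prototype.push is replaced by a
// version that silently drops every element, then restore the original.
function withTamperedPush(fn) {
  const saved = Array.prototype.push;
  Array.prototype.push = function () { return this.length; };
  try {
    return fn();
  } finally {
    Array.prototype.push = saved;
  }
}

// Returns what each helper produces from the same input under tampering.
function demo() {
  const input = [1, 2, 3];
  return {
    naive: withTamperedPush(() => collectNaive(input)),      // []
    hardened: withTamperedPush(() => collectHardened(input)), // [1, 2, 3]
  };
}
```

Capturing intrinsics is what makes such code hard to read, which is exactly the trade-off the comment describes; a "secure" execution mode for builtins would remove the need to do it by hand.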