Closed
Bug 601768
Opened 14 years ago
Closed 13 years ago
Ensure it's safe to hand a function to a sandbox
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Unassigned)
References
Details
Make sure code inside the sandbox can't... * modify the function * crawl to other objects (e.g. the function's prototype, which might be Function)
Reporter | ||
Comment 1•14 years ago
|
||
Also, does merely handing in a function such as xpcshell's "print" allow sandbox code to force the privileged caller to toString an object?
Comment 2•13 years ago
|
||
We fixed this in other places (namely flipping the __exposedProps__ default for functions).
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•