[e-lang] Rights amplification without transfering flow of control in Caja or ADsafe
Tyler Close
tyler.close at gmail.com
Sat May 17 16:04:26 CDT 2008
To implement the ref_send API in Javascript, the eventual operator
must securely recognize its created promises, without transferring
flow of control to an untrusted object. For example, consider the
implementation of Q.when(promise, ...). The when() implementation must
queue an observer on the private list of observers inside the provided
promise object. The implementation can't just call a method on the
provided promise object, because it might be an untrusted object that
makes an immediate call or throws an exception. I had been recognizing
promises by checking the value of the 'constructor' property, but both
ADsafe and Caja forbid access to this member. Is there some other way
to perform rights amplification without transferring flow of control
in Caja and ADsafe?
--Tyler
More information about the e-lang
mailing list