[e-lang] Rights amplification without transferring flow of control in Caja or ADsafe
Mark Miller
erights at gmail.com
Sun May 18 00:19:09 CDT 2008
On Sat, May 17, 2008 at 2:04 PM, Tyler Close <tyler.close at gmail.com> wrote:
> To implement the ref_send API in Javascript, the eventual operator
> must securely recognize its created promises, without transferring
> flow of control to an untrusted object. For example, consider the
> implementation of Q.when(promise, ...). The when() implementation must
> queue an observer on the private list of observers inside the provided
> promise object. The implementation can't just call a method on the
> provided promise object, because it might be an untrusted object that
> makes an immediate call or throws an exception. I had been recognizing
> promises by checking the value of the 'constructor' property, but both
> ADsafe and Caja forbid access to this member. Is there some other way
> to perform rights amplification without transferring flow of control
> in Caja and ADsafe?
The rights amp you need here seems to be a simple trademark check.
Caja supports JS's instanceof operator, which should be adequate for
this purpose.
(Caja also has an experimental trademarking API, but I don't think
it's stable yet -- I'll be suggesting some changes.)
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
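
A trademark check of the kind discussed in this thread, as an added example that is not code from either poster, from ref_send, or from Caja. It swaps in a WeakMap registry for the `instanceof` test suggested above, on the assumption of a modern JavaScript engine, because a WeakMap lookup works on object identity alone and runs no getter, method or Proxy trap of the candidate; `makeQ`, `defer`, `when` and `demo` are hypothetical names.

```javascript
// Added example: brand (trademark) check that never runs code from the candidate.
// makeQ, defer, when and demo are hypothetical names, not the ref_send API.
function makeQ() {
  // Private registry: only promises created by defer() are keys here.
  const brand = new WeakMap();

  function defer() {
    const promise = Object.freeze({});   // opaque token: no methods, no state
    const state = { done: false, value: undefined, observers: [] };
    brand.set(promise, state);
    function resolve(value) {
      if (state.done) { return; }
      state.done = true;
      state.value = value;
      const queued = state.observers;
      state.observers = [];
      // Simplification: a real eventual operator would run these in a later turn.
      for (const observer of queued) { observer(value); }
    }
    return { promise, resolve };
  }

  // Queue an observer on the private list. brand.get() compares identity only,
  // so nothing defined by `candidate` is invoked; non-objects yield undefined.
  function when(candidate, observer) {
    const state = brand.get(candidate);
    if (state === undefined) { return false; }   // not one of our promises
    if (state.done) { observer(state.value); } else { state.observers.push(observer); }
    return true;
  }
  return { defer, when };
}

// Constructed demonstration: a genuine promise and an untrusted look-alike
// whose every trap would throw if the check ever touched it.
function demo() {
  const Q = makeQ();
  let trapped = false;
  const trap = () => { trapped = true; throw new Error('untrusted code ran'); };
  const hostile = new Proxy({}, { get: trap, has: trap, getPrototypeOf: trap });
  const { promise, resolve } = Q.defer();
  const seen = [];
  const accepted = Q.when(promise, (v) => seen.push(v));
  const rejected = Q.when(hostile, (v) => seen.push(v));
  resolve('ready');
  return { accepted, rejected, trapped, seen };
}
```

The private observer list lives in the registry entry rather than on the promise object, so recognizing the promise and reaching its state are the same identity lookup.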