... except for why "myFun.prototype = null" acts like "myFun.prototype = Object.getPrototypeOf({})" but "myObj.__proto__ = null" does not. I prefer the latter as it takes us way closer to enabling wrapper-based (with no rewriting / static analysis) capability security.
Hopefully post tomorrow about a scary class of attack Dave Wagner pointed out as exploitable in my code: platform exceptions that are outside of standard language semantics yet still are script level.
No comments:
Post a Comment