Monday, February 1, 2010

I finally understand [[Prototype]]

... except for why "myFun.prototype = null" acts like "myFun.prototype = Object.getPrototypeOf({})" but "myObj.__proto__ = null" does not. I prefer the latter as it takes us way closer to enabling wrapper-based (with no rewriting / static analysis) capability security.

Hopefully post tomorrow about a scary class of attack Dave Wagner pointed out as exploitable in my code: platform exceptions that are outside of standard language semantics yet still are script level.

No comments:

Post a Comment