Alberto Leal
Alberto Leal
Noting here that from my findings in https://github.com/bcoe/sandcastle/issues/31#issuecomment-45405647, the `Error.prepareStackTrace` seems to be fixed as of node `v0.11.13` with v8 `3.25.30`. But not node `v0.10.28` with `v8 3.14.5.9`.
@yorickvP out of curiosity, would doing the following still not fix this issue? ``` js delete Error.prepareStackTrace; delete Error.captureStackTrace; ```
Hmm. Apparently deleting those functions still doesn't fix the exploit in node `v0.10.28`.
One could freeze the `Error` object since an exploit relies on being able to add properties to it: ``` js "use strict"; delete Error.prepareStackTrace; delete Error.captureStackTrace; Object.freeze(Error); ``` @yorickvP thoughts?
I like some proposals. But definitely needs colour.
Since it's obvious that the route `/primus/primus.js` is intended for dev use. Is there a way to disable this middleware? I intend to do custom bundling of the primus client...
Nevermind, found this: https://github.com/primus/primus/tree/master#primusremovename
Any progress on this? I have a usecase where format specifiers are provided by the user, and I had _thought_ that `. to_string()` would panic on invalid format specifiers; but...
@benjamn I'm using the following https://github.com/sebmck/roadrunner to reload with nodemon/node/gnode much faster with 6to5. AFAIK, this isn't really documented, and I found this from lurking issue pages.
+1. Ideally, I'd like to see something like http://lodash.com/custom-builds