Mark S. Miller
Mark S. Miller
But why is this a practical problem? Did you encounter code that you care about that breaks because of this? I am trying to understand the motivation. On Wed, Sep...
After taming, the `Error` in the start compartment is powerful, as only things in the start compartment can be, and the default `Error` for constructed compartments is powerless, as it...
`Error` situation is exactly parallel to `Date`.
See https://github.com/endojs/endo/pull/1290
Of possible interest: https://github.com/Agoric/agoric-sdk/pull/1468 , which is when @michaelfig introduced the agoric-sdk patch for depd. Do look at the patch ;)
In light of https://github.com/endojs/endo/pull/1290 , should this PR be closed?
Due to https://github.com/google/caja/wiki/SES#this-binding-of-global-function-calls The weird trap isn't happening in evaluating the user code. Rather, the `valueOf()` causes the scopeProxy to leak as the completion value. The playground code then treats...
Well, it is also a mention of `this`. But good point. I genuinely do not know what the least confusing short title would be. "Uses `this`" can be misunderstood in...
> @mhofman @erights I’d like to land this without the fifth with block, without fixing the global lexicals leak (#912), and then proceed to work on that fix myself after...
> adds a failing test `test-scope-handler-pollution` because the test's prototype pollution broke the `makeSafeEvaluator` internals This sounds like a severe bug and a possible vulnerability to code (like vetted shims)...