You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
Broken is really overstating the case. This seems tantamount to protecting against Object.keys = Array.prototype.reduce = function () { throw new Error("pwned"); };.
The reason will be displayed to describe this comment to others. Learn more.
Not really. If I'm unsure whether the variable is even declared, why would I be sure that it's non-null immediately after? Is it safe to assume that if a window reference is in scope, it's an object? If so, then feel free to leave it.
The reason will be displayed to describe this comment to others. Learn more.
I would rather not have to pay the price in bytes or complexity for a solution that will not be observably better in real usage. There is no system that protects against malice in previously run scripts. We might shoot for protecting against malice in subsequently run scripts.
439a78a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still broken.
You don't want to access a property unless you know it's
!= null
. My proposed fix would have been fine:439a78a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Broken is really overstating the case. This seems tantamount to protecting against
Object.keys = Array.prototype.reduce = function () { throw new Error("pwned"); };
.439a78a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not really. If I'm unsure whether the variable is even declared, why would I be sure that it's non-
null
immediately after? Is it safe to assume that if awindow
reference is in scope, it's an object? If so, then feel free to leave it.439a78a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would rather not have to pay the price in bytes or complexity for a solution that will not be observably better in real usage. There is no system that protects against malice in previously run scripts. We might shoot for protecting against malice in subsequently run scripts.