
Ensure brands are tied to their evaluation #5

bakkot opened this issue Oct 3, 2019 · 0 comments



Whatever implementation is used for this, I think the following invariant is important:

If some code has access to a code-like object x which is coerced to the string y when passed to eval, but does not have access to a mechanism for creating other code-like objects, then it should not be possible for this code to create an object which coerces to any string other than y when passed to eval.

For example, it should not be possible to just override the toString of x, assuming that is what is used for coercion. Similarly it should not be possible to copy the brand from x to a different object with a different toString, or to wrap x in a Proxy which overrides the get handler to return a different value for toString.

If this invariant does not hold, you need to audit any code downstream of the thing which can create code-like objects, not just that code itself. That's a much trickier problem.
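
One way to get the invariant described in this issue, shown as an added example that is not part of the original issue or of the proposal's code: record the evaluation string in a closed-over `WeakMap` keyed by object identity, and have the brand check read that record instead of calling `toString`. All names here (`makeCodeLikeRealm`, `createCode`, `evaluationOf`, `tamperReport`) are hypothetical, and the input strings are constructed.

```javascript
// Added illustration, not the proposal's API. All names are hypothetical.
function makeCodeLikeRealm() {
  // Brand table: object identity -> string fixed when the object was minted.
  // It is closed over, so only createCode can add entries.
  const evaluations = new WeakMap();

  // The minting capability. Code that is not handed this function cannot
  // create new code-like objects.
  function createCode(source) {
    const obj = { toString() { return source; } };
    evaluations.set(obj, String(source));
    return obj;
  }

  // What a brand-aware eval would consult: the recorded string, looked up by
  // identity. Returns undefined for anything that was not minted here.
  function evaluationOf(value) {
    return evaluations.get(value);
  }

  return { createCode, evaluationOf };
}

// Applies the three changes named in the issue to a code-like object x and
// reports what each resulting object would evaluate as.
function tamperReport(x, evaluationOf) {
  const injected = 'constructed_other_string';

  // 1. Override toString on x itself.
  x.toString = () => injected;
  const afterOverride = evaluationOf(x);

  // 2. Copy x's properties onto an object inheriting from x, with a new toString.
  const copy = Object.assign(Object.create(x), x, { toString: () => injected });

  // 3. Wrap x in a Proxy whose get handler swaps out toString.
  const wrapped = new Proxy(x, {
    get: (target, key, receiver) =>
      key === 'toString' ? () => injected : Reflect.get(target, key, receiver),
  });

  return {
    afterOverride,                    // still the string fixed at creation
    copy: evaluationOf(copy),         // undefined: the brand did not transfer
    wrapped: evaluationOf(wrapped),   // undefined: a Proxy is a new identity
    wrappedToString: String(wrapped), // what toString-based coercion would see
  };
}
```

With this design only `createCode` needs auditing: an object either maps to the exact string it was minted with or is not code-like at all.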
