Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Function constructor and default policy #458

Closed
lukewarlow opened this issue Feb 26, 2024 · 4 comments
Closed

Function constructor and default policy #458

lukewarlow opened this issue Feb 26, 2024 · 4 comments

Comments

@lukewarlow
Copy link
Member

Follow up from #445

Currently the default policy gets "(function(foo\n) { \nbody\n})" or something along those lines aka a compiled function string. This requires that we pass through the fully compiled string to the default policy. This I suspect isn't very useful in practice, Ecmascript actually passes the host language the body and individual parameter arguments though. So we could provide those to the default policy instead of or in addition to the compiled string?
@lukewarlow
Copy link
Member Author

If we ignored the compat risk and I'm not sure if it's possible but ideally we could mutate the parameter list argument and the return from the default policy in this case would just be the modified body?

That way you can modify the function properly without needing to de or reconstruct function strings?

This would simplify the https://tc39.es/proposal-dynamic-code-brand-checks/ change as we wouldn't need the compiled string passed into it. So the change would be making it return a value and the code like checks.

@lukewarlow
Copy link
Member Author

cc @koto @otherdaniel

Unfortunately we're potentially limited on changes we can make due to Chrome already shipping Function constructor default policy handling which requires the compiled string. And returning the fully compiled string from the default policy too.

We can definitely at least provide the parameter list and body string as separate arguments additionally though.

A large part of this will depend on what we envisage the usage of Function() with the default policy to actually look like? Is it likely to actually need to modify the value? Or is it more likely to just be a gate where if it's an unexpected value we just abort?

@lukewarlow lukewarlow mentioned this issue Feb 26, 2024
Merged
@koto
Copy link
Member

koto commented Feb 26, 2024

[...] what we envisage the usage of Function() with the default policy to actually look like? Is it likely to actually need to modify the value? Or is it more likely to just be a gate where if it's an unexpected value we just abort?

The latter, when designing this we assumed parsing untrusted Javascript in order to "sanitize" it would be quite niche. Pretty much the only reason why a default policy accepts a TrustedScript and can change it, was to make its behavior similar to the one for other types.

@lukewarlow lukewarlow mentioned this issue Feb 29, 2024
Closed
@lukewarlow
Copy link
Member Author

CLosing this for now, we can reopen a more dedicated issue regarding giving the default policy more useful information in this case in future if we feel it warranted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@koto @lukewarlow