DescriptionThe taming membrane uses Object.prototype.toString to detect builtin
objects (Date, Float32Array, etc.) and copy them across the membrane
as the same type. ES6 allows objects to change their "toStringTag",
thus making this spoofable.
Therefore, harden each special copy case so that if the toString result
is spoofed, the membrane cannot be punctured.
Also fixed some ineffective tests in test-taming-inout-guest.js.
@r5710
Patch Set 1 #
Total comments: 1
MessagesTotal messages: 4
|