Description
Committed as 739a368f287d119c263428367df1dffd98906d0f.
ES6 extended the syntax of identifiers to include the Unicode escape
sequence backslash-u-opencurly-hexdigits-closecurly. This meant that
untrusted code could name global variables that we would not notice as
a single token, and thus would not censor.
Since this regexp-based recognition of possible variable name mentions
seems fragile, we added an additional backstop mechanism: we sample
the set of global variable names and build a backstop object with a
poisoned accessor for each of these names. Each actual scopeObject
then inherits from this accessor. Thus, if atLeastFreeVarNames missed
a name, but that was the name of a global variable when the backstop
was built, then the poisoned accessor on the backstop will intercept
it instead.
We add a new ses.resampleGlobal() to the privileged api, so our client
can advise when they've added additional global variables, so we can
resample.
This change builds on https://codereview.appspot.com/285330043/,
which should be considered our diffbase.
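
The missed-token case and the backstop described above, as an added example that is not part of this change or of the SES code base. The function names, the `demoSecret` global and the guest source are constructed for illustration, and the scanners are simplified stand-ins for atLeastFreeVarNames.

```javascript
// Constructed stand-in for a host global that guest code must not reach.
globalThis.demoSecret = 'host-only';

// Hypothetical pre-fix scanner: ASCII identifier runs only.
function naiveNames(src) {
  return new Set(src.match(/[A-Za-z_$][\w$]*/g) || []);
}

// Decode \uXXXX and \u{X...} first so an escaped name scans as one token.
function decodedNames(src) {
  const esc = /\\u(?:\{([0-9a-fA-F]{1,6})\}|([0-9a-fA-F]{4}))/g;
  return naiveNames(src.replace(esc, (m, braced, four) => {
    const cp = parseInt(braced || four, 16);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  }));
}

// Backstop: one poisoned accessor per global name sampled at build time.
function makeBackstop(names) {
  const backstop = Object.create(null);
  for (const name of names) {
    const poison = () => { throw new ReferenceError(`censored global: ${name}`); };
    Object.defineProperty(backstop, name, { get: poison, set: poison });
  }
  return Object.freeze(backstop);
}

// Bind each scanned name on a scope inheriting from `parent` (backstop or null), then run.
function evaluate(src, scanner, parent) {
  const scope = Object.create(parent);
  for (const name of scanner(src)) {
    Object.defineProperty(scope, name, { value: undefined }); // censored
  }
  // Function() bodies are sloppy mode, so `with` works even from strict code.
  return new Function('scope', `with (scope) { return (${src}); }`)(scope);
}

function demo() {
  const guest = '\\u{64}emoSecret'; // source text: \u{64}emoSecret
  const backstop = makeBackstop(Object.getOwnPropertyNames(globalThis));
  let blocked = false;
  try { evaluate(guest, naiveNames, backstop); } catch (e) { blocked = e instanceof ReferenceError; }
  return {
    missed: !naiveNames(guest).has('demoSecret'),   // true: scanner saw "u" and "emoSecret"
    leaked: evaluate(guest, naiveNames, null),      // 'host-only': no backstop, lookup falls through
    blocked,                                        // true: poisoned accessor intercepts
    fixed: evaluate(guest, decodedNames, backstop), // undefined: name censored on the scope itself
  };
}
```

A global added after `makeBackstop` runs is not covered until the backstop is rebuilt, which is the gap ses.resampleGlobal() is described as closing.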
Patch Set 1
Total comments: 14
Patch Set 2 : Fix and backstop bugs in finding identifier names.
Total comments: 1
Patch Set 3 : Fix and backstop bugs in finding identifier names.
Total comments: 2
Patch Set 4 : Fix and backstop bugs in finding identifier names.
Messages
Total messages: 11