W3C home > Mailing lists > Public > public-webcrypto@w3.org > February 2016

[Bug 29437] Parsing a JWK can have side-effects if not done very carefully

From: <bugzilla@jessica.w3.org>
Date: Tue, 09 Feb 2016 02:13:49 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-29437-7213-1mEAEp2PmR@http.www.w3.org/Bugs/Public/>

--- Comment #4 from Boris Zbarsky <bzbarsky@mit.edu> ---
The carefully written reviver function I've though of so far would be black-box
indistinguishable from giving all the dictionaries and arrays null prototypes. 
At least I think I can do that with a reviver function.

It's possible we could come up with a carefully written reviver function that
is black-box indistinguishable from a separate global, but I haven't managed to
come up with such a beast yet, even prospectively.

I agree with your goals: ideally the black-box behavior here would be something
that could run wherever you feel like...

You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 9 February 2016 02:13:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 9 February 2016 02:13:53 UTC