Re: defineProperty is a blacklist from gaz Heyes on 2011-02-15 (public-web-security@w3.org from February 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 15 Feb 2011 08:46:07 +0000
To: "sird@rckc.at" <sird@rckc.at>
Cc: public-web-security@w3.org
Message-ID: <AANLkTikKEf1R7FRWnsQWR-1M6N-viKwhuFM7LdmOiqBy@mail.gmail.com>

On 15 February 2011 07:18, sird@rckc.at <sird@rckc.at> wrote:

> I wish that JS Workers were completely isolated, and with no XHR, it would
> be a nice feature (maybe as an extra argument marking the code as
> untrusted).
>
> Anyway, what about a JS Worker triggered from a sandboxed iframe?
>

Would a sandboxed iframe allow same origin XHR urls? You'd need to stop that
but even so the point is that defineProperty should be able to disable
properties of an object that you know nothing about or that can change in
time

Received on Tuesday, 15 February 2011 08:53:45 UTC