- From: <bugzilla@jessica.w3.org>
- Date: Tue, 09 Feb 2016 01:46:39 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29437 --- Comment #2 from Boris Zbarsky <bzbarsky@mit.edu> --- As in bug 29438, Gecko currently implements this by doing the JSON.parse and then the conversion from an object to a dictionary in a clean global. Another option is to do JSON.parse in the normal global (or really any global of your choice), but create all the objects and arrays involved with null prototypes instead of Object.prototype. I think these options are black-box distinguishable from each other if the JSON has an object where our dictionary expects a string, because String(Object.create(null)) throws, while String(Object.create(Object.prototype)) does not. Speccing the null prototype thing might be a little more difficult because http://www.ecma-international.org/ecma-262/6.0/#sec-json.parse step 5 is a bit hard to monkeypatch. It's possible that a black-box-identical effect could be produced with a carefully written reviver function, though (and UAs would be free to optimize if desired). I'm somewhat interested in _not_ requiring creation of a separate global here, honestly... It seems like a good bit of overhead for no particularly good reason. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Tuesday, 9 February 2016 01:46:42 UTC