Opened 11 years ago

Closed 11 years ago

#7430 closed enhancement (wontfix)

dojox.secure using 'with' statements + jsLint

Reported by: William Riley
Owned by: Kris Zyp
Priority: high
Milestone: tbd
Component: Dojox
Version: 1.1.1
Keywords: dojox.secure
Cc:
Blocked By:
Blocking:

Description

Dojox.secure (ticket #6348) is a great add-on, but the problem is that some scripts require the full set of JavaScript's language features. I have an idea that would use a combination of 'with' statements and jsLint validation to allow scripts to use all of the features of JavaScript.

The with() statement would be used to provide an alternative context for the code to run in. The jsLint portion of the code is to validate that the script doesn't access global variables that aren't given in the alternative context. The other thing that would need to be verified is that the script doesn't start with '}' to break out of the with statement.

I'm not sure how fast this is compared to using eval() (the way dojox.secure works now), but I'm assuming it's at the same speed, if not slower. So, if a script has a validation error with the current method of execution, dojox.secure could fall back on the with statement method (and possibly, notify the developer through firebug if 'isDebug' is set to 'true').

I'm pretty sure that this is a secure method of execution, but please try to prove me wrong. There may be some weird browser-specific thing that allows you to break out of a with statement, or access the global context that I'm oblivious to.

Change History (4)

comment:1 Changed 11 years ago by Adam Peller

Component: changed from General to Dojox
Owner: changed from anonymous to Kris Zyp

comment:2 Changed 11 years ago by Kris Zyp

I am not sure what you are trying to achieve by using |with|. We can already control what variables appear as global variables in the secured context with dojox.secure, we don't need |with| to do that (and |with| slows down execution because it increases the scope chain). Most of the JavaScript language features that are disabled are to prevent accessing shared mutable prototypes/objects that are critical to the environment. These aren't accessed only through global variables. For example, if we allowed the index operator one could do ({})constructor?prototype?valueOf? = function(){ return "hacked the entire system";};. Putting this in a |with| statement does not affect it at all.

comment:3 Changed 11 years ago by Kris Zyp

Try that again: ({})['constructor']['prototype']['valueOf']= function(){ return "hacked the entire system";};
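Added example, not part of the ticket and not dojox.secure code: it runs the expression from comment 3 inside a `with` scope and then audits the shared prototypes, reporting and undoing the change. It goes slightly beyond the proposal by using a Proxy as a stand-in for a perfect jsLint global-variable check; `runInWith`, `snapshot`, `runAndAudit` and `SHARED` are hypothetical names chosen here.

```javascript
// Constructed stand-in for the proposed runner: the source runs inside
// with(scope); a Proxy whose `has` trap always answers true makes every free
// identifier resolve against the allow-list instead of the real globals.
function runInWith(source, allowed) {
  const names = Object.assign(Object.create(null), allowed);
  const scope = new Proxy(names, { has: () => true });
  // Function-constructor bodies are sloppy mode, which `with` requires.
  return new Function('scope', 'with (scope) { ' + source + ' }')(scope);
}

// Shared objects the audit watches (a short list chosen for this example).
const SHARED = {
  'Object.prototype': Object.prototype,
  'Function.prototype': Function.prototype,
  'Array.prototype': Array.prototype,
};

// Record every own property descriptor of the watched objects.
function snapshot() {
  const snap = new Map();
  for (const [label, obj] of Object.entries(SHARED)) {
    for (const key of Reflect.ownKeys(obj)) {
      snap.set(label + '.' + String(key), [obj, key, Object.getOwnPropertyDescriptor(obj, key)]);
    }
  }
  return snap;
}

// Run the source, then report and undo any change to the watched objects.
function runAndAudit(source, allowed) {
  const before = snapshot();
  let result, error = null;
  try { result = runInWith(source, allowed); } catch (e) { error = e; }
  const after = snapshot();
  const tampered = [];
  for (const [name, [obj, key, was]] of before) {
    const now = after.has(name) ? after.get(name)[2] : {};
    if (!Object.is(now.value, was.value) || now.get !== was.get || now.set !== was.set) {
      Object.defineProperty(obj, key, was); // put the original back
      tampered.push(name);
    }
  }
  for (const [name, [obj, key]] of after) {
    if (!before.has(name)) { delete obj[key]; tampered.push(name); }
  }
  return { result, error, tampered };
}
// The expression from comment 3 of this ticket.
const FROM_TICKET = `({})['constructor']['prototype']['valueOf'] = function(){ return "hacked the entire system"; };`;
```

`runAndAudit(FROM_TICKET, {})` reports `Object.prototype.valueOf` as tampered even though the source names no global identifier, which is the point of comment 2: confining identifiers does not confine property access.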

comment:4 Changed 11 years ago by Kris Zyp

Resolution: wontfix
Status: changed from new to closed