Comments (3)
caridy
commented on August 15, 2024
Some browses are using internal slots for Errors (Firefox, we are looking at you), which might interfere with the remapping mechanism because some accessors might through when an error is passed from outer realm into sandbox (think of Promise.catch maybe). We should validate this.
from near-membrane.
mmis1000
commented on August 15, 2024
It looks like things like Date.prototype.getTime() Map.prototype.get can't be remapped safely unless you remap the methods and re-dispatch based on where they are object of remote realm or object of current realm.
but that has another problem.
unless you also remap the methods in outer realm.
Date/Map and other object that relies on internal slot created in inner realm won't work in outer realm.
Some class I found that has method/getter relies on internal slot
These won't work unless you remap the methods.
In turns, it means these need to be whitelisted as this object when calling methods of these class. But that sounds dangerous to me though.
from near-membrane.
caridy
commented on August 15, 2024
I have identified another small list of intrinsics that are present in node 12.x when creating a new VM:
[ 'BigUint64Array', 'BigInt64Array', 'BigInt', 'WebAssembly' ]
from near-membrane.
Related Issues (20)
- Enable async/await tests for Firefox and Safari HOT 1
- add AggregateError to the intrinsics list HOT 1
- Implement workaround for FF bug 543435: window.document instance replacement for blank pages HOT 1
- add yarn bundlesize
- Passing the red `Proxy` to a blue function HOT 1
- Code Coverage Instrumentation Failed At redEnvFactory HOT 2
- Question: Is it possible to use Child Realm in browser without access to browser-specific API? HOT 2
- [Question] What does VirtualEnvironment.link do? HOT 1
- Not work with exotic object HOT 4
- feature request: improve debug experience by set-up a private field on the proxy when possible HOT 3
- Errors and sourcemaps inside Virtualenvironment HOT 1
- Question about `liveTargetCallback` HOT 1
- Question: `eval` vs `Function(code)()` HOT 2
- error in happy-dom
- Distortions for window do not get wired
- [browsers] Impossible to observe unhandled rejection from within a sandbox HOT 2
- Methods that check internal slots will have problems with proxy wrapped values
- remap AsyncFunction constructor and friends. HOT 1
- document.all seems leaked directly to the iframe HOT 2
- EventTarget is missing in sandbox on Chrome
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from near-membrane.