Syntax based anonymous intrinsics are subject to transpiler modifications #902
Labels
confinement
Pertaining to confinement of guest programs.
debugging support
kriskowal-review-2024-01
Issues that kriskowal wants to bring to the attention of the team for review as of January, 2024
ses
Currently
get-anonymous-intrinsics.js
, uses direct syntax to grab some anonymous intrinsics. This is susceptible to transpilers which rewrite the SES shim's code to replace those syntax that didn't exists in previous JavaScript versions. If the actual target in which the transpiled code runs actually has those intrinsics implemented, the SES shim won't grab and harden them.While there is no way to protect against a malicious transpiler, we should detect and error early in the presence of transpilers that were mistakenly applied to the SES shim. One way to do this is to also
eval
the syntax used to reach the intrinsic and compare the 2 values.The text was updated successfully, but these errors were encountered: