FIXME added for possibly leaking private symbol during tctor call
This is a security-related issue: we want to ensure that the user cannot, without debugging tools, retrieve certain internal details that may be used to compromise an implementation.protolib
parent
031489a07b
commit
07c0a974af
|
@ -882,6 +882,8 @@ exports.prototype.createConcreteCtor = function( cname, members )
|
||||||
// handle internal trait initialization logic, if provided
|
// handle internal trait initialization logic, if provided
|
||||||
if ( typeof this.___$$tctor$$ === 'function' )
|
if ( typeof this.___$$tctor$$ === 'function' )
|
||||||
{
|
{
|
||||||
|
// FIXME: we're exposing _priv to something that can be
|
||||||
|
// malicously set by the user; encapsulate tctor
|
||||||
this.___$$tctor$$.call( this, _priv );
|
this.___$$tctor$$.call( this, _priv );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue