
FIXME added for possibly leaking private symbol during tctor call

This is a security-related issue: we want to ensure that the user cannot,
without debugging tools, retrieve certain internal details that may be used
to compromise an implementation.
protolib
Mike Gerwitz 2014-07-07 23:09:58 -04:00
parent 031489a07b
commit 07c0a974af
1 changed files with 2 additions and 0 deletions


@ -882,6 +882,8 @@ exports.prototype.createConcreteCtor = function( cname, members )
// handle internal trait initialization logic, if provided // handle internal trait initialization logic, if provided
if ( typeof this.___$$tctor$$ === 'function' ) if ( typeof this.___$$tctor$$ === 'function' )
{ {
// FIXME: we're exposing _priv to something that can be
// malicously set by the user; encapsulate tctor
this.___$$tctor$$.call( this, _priv ); this.___$$tctor$$.call( this, _priv );
} }
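Review bot: The added FIXME above `this.___$$tctor$$.call( this, _priv )` records the exposure but leaves the call as it was, so `_priv` is still passed to whatever function is found under that property on the instance at construction time. The comment would be easier to act on if it named the intended remedy, for example `// FIXME: tctor is looked up on the instance and receives _priv; invoke a reference captured at definition time instead`, and "malicously" should read "maliciously". Whether the property can actually be reassigned before this point depends on code outside the hunk (the body of createConcreteCtor starts and ends beyond it), so that should be confirmed. When the encapsulation lands, a regression test asserting that an instance-assigned `___$$tctor$$` is never called with the private symbol would pin the fix.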