FIXME added for possibly leaking private symbol during tctor call
This is a security-related issue: we want to ensure that the user cannot, without debugging tools, retrieve certain internal details that may be used to compromise an implementation.protolib
parent
031489a07b
commit
07c0a974af
|
@ -882,6 +882,8 @@ exports.prototype.createConcreteCtor = function( cname, members )
|
|||
// handle internal trait initialization logic, if provided
|
||||
if ( typeof this.___$$tctor$$ === 'function' )
|
||||
{
|
||||
// FIXME: we're exposing _priv to something that can be
|
||||
// malicously set by the user; encapsulate tctor
|
||||
this.___$$tctor$$.call( this, _priv );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue