You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
But, SES also prevents me from polyfilling Object.keys if it doesn't exist. (Ah, SES doesn't work in older browsers, I'm assuming? That's not my fault tho as a library dev.)
Please allow for things to be extended. In your proxy you can just (pseudocode) check for:
Security for read/getter accessors precede write/setters (as in, if the read/getters aren't verifiably enough on their own, then likely their is a security hole/gap waiting to be attacked.)
The text was updated successfully, but these errors were encountered:
As @ljharb, polyfills must run before lockdown, but lockdown removes anything it doesn’t expressly permit. The latest version of SES now allows polyfills to run between the two phases of lockdown:
repairIntrinsics();// your shim herehardenIntrinsics();
This allows a polyfill to introduce new properties to shared intrinsics.
It obviously makes security sense to prevent
Object.keys
From being replaced.
But, SES also prevents me from polyfilling Object.keys if it doesn't exist. (Ah, SES doesn't work in older browsers, I'm assuming? That's not my fault tho as a library dev.)
Please allow for things to be extended. In your proxy you can just (pseudocode) check for:
Security for read/getter accessors precede write/setters (as in, if the read/getters aren't verifiably enough on their own, then likely their is a security hole/gap waiting to be attacked.)
The text was updated successfully, but these errors were encountered: