ServerJS/Modules/Secure: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Moved the security requirements Ihab and I drafted to a sub-page.)
 
(Removed constraints for objects returned by require, or the transitive environment.)
 
Line 3: Line 3:
# A module must not write to any free variables or their transitive members.
# A module must not write to any free variables or their transitive members.
# A module must not refer to any free variables apart from primordials ("Object", "Array", etc. as defined by ECMAScript), "require", "environment", and "exports".
# A module must not refer to any free variables apart from primordials ("Object", "Array", etc. as defined by ECMAScript), "require", "environment", and "exports".
# A module must not tamper with (assign to, assign to members of, delete, or otherwise mutate) the transitive primordials, the "require" object, any object returned by "require", or the transitive "environment".
# A module must not tamper with (assign to, assign to members of, delete, or otherwise mutate) the transitive primordials.

Latest revision as of 00:23, 5 March 2009

To be usable in secured module loaders, a module must conform to additional constraints:

  1. A module must not write to any free variables or their transitive members.
  2. A module must not refer to any free variables apart from primordials ("Object", "Array", etc. as defined by ECMAScript), "require", "environment", and "exports".
  3. A module must not tamper with (assign to, assign to members of, delete, or otherwise mutate) the transitive primordials.
Retrieved from "https://wiki.mozilla.org/index.php?title=ServerJS/Modules/Secure&oldid=131900"