@@ -40,6 +40,10 @@ function getOptimizableGlobals(safeGlobal) {
4040
4141 if ( ! regexpMatch ( identifierPattern , name ) ) return ;
4242
43+ // todo: reject keywords, which pass the isIdentifier check, to block
44+ // injection attacks. test should use a property name that is itself a
45+ // full program
46+
4347 // getters will not have .writable, don't let the falsyness of
4448 // 'undefined' trick us: test with === false, not ! . However descriptors
4549 // inherit from the (potentially poisoned) global object, so we might see
@@ -116,6 +120,14 @@ export function createSafeEvaluatorFactory(unsafeRec, safeGlobal) {
116120 const scopedEvaluatorFactory = createScopedEvaluatorFactory ( unsafeRec , optimizableGlobals ) ;
117121
118122 function factory ( endowments ) {
123+ // todo (shim limitation): scan endowments, throw error if endowment
124+ // overlaps with the const optimization (which would otherwise
125+ // incorrectly shadow endowments), or if endowments includes 'eval'. Also
126+ // prohibit accessor properties (to be able to consistently explain
127+ // things in terms of shimming the global lexical scope).
128+ // writeable-vs-nonwritable == let-vs-const, but there's no
129+ // global-lexical-scope equivalent of an accessor, outside what we can
130+ // explain/spec
119131 const scopeTarget = create ( safeGlobal , getOwnPropertyDescriptors ( endowments ) ) ;
120132 const scopeProxy = new Proxy ( scopeTarget , scopeHandler ) ;
121133 const scopedEvaluator = scopedEvaluatorFactory ( scopeProxy ) ;
0 commit comments