Created
March 7, 2017 02:39
-
-
Save yefremov/4e95e362af8ad2b2bf94e90aba52db56 to your computer and use it in GitHub Desktop.
Making `uncurryThis()` safe to use in the presence of untrusted code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How does one write a JavaScript meta-program that can operate reliably on | |
| // other objects in its JavaScript context (in a browser – within the same | |
| // frame), despite the loading of arbitrary code later into that same frame? | |
| // The problem is that the later code may arbitrarily modify, override, or | |
| // remove methods on the primordial built-in objects. To make the problem | |
| // tractable, we assume that the meta program consists of modules that are | |
| // first evaluated before their frame has become corrupted. | |
| function uncurryThis(func) { | |
| return function () { | |
| return Function.call.apply(func, arguments); | |
| } | |
| } | |
| var slice = uncurryThis(Array.prototype.slice); | |
| var reduce = uncurryThis(Array.prototype.reduce); | |
| var map = uncurryThis(Array.prototype.map); | |
| var filter = uncurryThis(Array.prototype.filter); | |
| var some = uncurryThis(Array.prototype.some); | |
| var every = uncurryThis(Array.prototype.every); | |
| console.log(slice(['foo', 'bar', 'baz'], 1, 2)); | |
| // => ["bar"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment