
I've had to cache a secure reference to call() in a JS library intended to exist in potentially hostile environments.

This call helper is often used to avoid prototype pollution vulnerabilities when patching native prototypes.




Very interested to learn more about this use case. This is to protect against hostile environments blocking function calls by polluting prototypes?

I do a lot of work on SDKs which run in semi-hostile environments, so prototype pollution is something I'm frequently running up against.


> This is to protect against hostile environments blocking function calls by polluting prototypes?

Correct. I go into more detail about our problem space and use cases here: https://transcend.io/blog/defeating-cookie-banners
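The cached-`call` pattern described at the top of the thread, sketched as an added example; it is not part of any comment here and is not the commenter's library code. The helper names (`uncurryThis`, `arrayIncludes`, `hasOwn`, `isAllowedSafe`) and the sample hostnames are assumptions made for illustration.

```javascript
// Added example. Capture these before any untrusted script has a chance to run.
const { call: nativeCall, bind: nativeBind } = Function.prototype;

// call(fn, thisArg, ...args) behaves like fn.call(thisArg, ...args), but it is a
// bound function: invoking it performs no lookup of Function.prototype.call.
const call = nativeBind.call(nativeCall, nativeCall);

// uncurryThis(method)(thisArg, ...args) invokes the captured method, also
// without any property lookup or argument spreading at call time.
const uncurryThis = (method) => call(nativeBind, nativeCall, method);

// Hypothetical helpers an SDK might capture at load time.
const arrayIncludes = uncurryThis(Array.prototype.includes);
const hasOwn = uncurryThis(Object.prototype.hasOwnProperty);

// Looks methods up at call time, so it trusts whatever the page left there.
function isAllowedNaive(allowlist, host) {
  return Array.prototype.includes.call(allowlist, host);
}

// Uses only the references captured above.
function isAllowedSafe(allowlist, host) {
  return arrayIncludes(allowlist, host);
}

// Simulates an environment that overwrites the built-ins after load, compares
// both checks, then restores the originals.
function demo() {
  const allowlist = ["cdn.example"]; // constructed sample data
  const savedCall = Function.prototype.call;
  const savedIncludes = Array.prototype.includes;
  try {
    Function.prototype.call = function () { return true; };
    Array.prototype.includes = function () { return true; };
    return {
      naive: isAllowedNaive(allowlist, "tracker.example"),
      safe: isAllowedSafe(allowlist, "tracker.example"),
      safeHit: isAllowedSafe(allowlist, "cdn.example"),
      ownOnly: hasOwn({ a: 1 }, "toString"),
    };
  } finally {
    Function.prototype.call = savedCall;
    Array.prototype.includes = savedIncludes;
  }
}
```

The protection only holds if the capture runs before the environment is modified; references taken from already-replaced built-ins are no more trustworthy than a call-time lookup.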



