Strong brand checking in JavaScript

You're correct, except that these frameworks already delete any unrecognized globals - but they don't delete unrecognized `Function.prototype` properties, for example.

In other words, adding this new API as a global is viable; adding it as a prototype method is not. Additionally, being a global means it can be denied in a scope - being a prototype method means it could sneak its way in via any function that crosses a membrane boundary, which would break security invariants.
