review or replace object-inspect.js
used by xsnap console
#4814
Labels
Milestone
object-inspect.js
used by xsnap console
#4814
What is the Problem Being Solved?
In #4364, we changed the
xsnap
console renderer. Previously, it used theassert.quote
function from SES, which grounds out inbestEffortStringify()
, which is basically a JSON encoder with a replacer that handles non-JSON things likeundefined
. After #4364, it used a vendored copy ofobject-inspect.js
(taken from the NPM object-inspect package), which should be pretty close to what Node.js uses for its ownconsole
global.During the resulting discussion (Agoric folks can look at
#eng_ses_internal
on 08-feb-2022), @erights and @dckc expressed concern aboutobject-internal.js
. We didn't come to a consensus before we had to move on, but I think our general opinion was that we must either do a line-by-line review ofobject-internal.js
, or write our own version of it (and use that version to replaceassert.quote
, making it more readable in the process).The concerns are:
object-internal.js
runs in the start compartment as a vetted shim, so obviously has a lot of powerconsole.*
callconsole
object and will not have access to a clock or weakrefsProxy
, or objects with getters, in an attempt to confuse the consoleconsole.log()
invocationconsole.*
might not be hardened, andconsole.*
must not harden themDescription of the Design
Security Considerations
Test Plan
The text was updated successfully, but these errors were encountered: