From YouTube: SES-mtg: Bleaching the browser global object!
Description
The browser can be made safer than we thought!
B: [The] solution that we found for the problems of using an iframe as the source of the intrinsics. So even in the Realms team, we were creating an iframe and taking the intrinsics out of that iframe, and the iframe continues to be hung in there in the page. You have to keep it connected in order to be able to use those intrinsics, and the eval of that iframe, which is intrinsics, allows you to attempt to do some operations that will go and hit the network, like a dynamic import. For example, when you try to call import there, if you bypass the regular expression, it hits the network, so that becomes a problem for the Realms team, and so we pretty much wanted to solve that problem. The breakthrough on our end was that there are certain configurations that we have been trying to...
B: So I believe the breakthrough on our end has been the possibility to create an iframe and disconnect the iframe, and still be able to use the intrinsics, and that comes with some flavor: the fact that when the iframe is disconnected, any host operation is automatically corralled. They do not work. Wow.
B: That is cross-browser, works fine everywhere. The error is the exact same error, and there are many other operations that involve the host, trying to do some validation, that automatically get disabled, because you cannot do those operations: they throw. So if you really punch through something and you get access to something that you should not have access to, and you try to go and make a request using the dynamic import or any other thing, it will just simply fail.
B: The latest Chrome has a bug that does not allow you to step or debug any code inside that disconnected [iframe], but Safari and Firefox both work just fine. They do allow you to continue debugging that just fine. I believe it's because Chrome is doing some extra checks there in the dev tools to try to give you some sort of trace or some sort of URL or something, and this thing is disconnected, so how...
B: You just create an iframe, append it, and remove it. Before, you get access to the window, and then you remove it. You catch the reference to the window object; that does not destroy it. It's not destroyed; it disconnects a bunch of internal things, but host operations only. It does not do anything with the intrinsics, and that's the important bit: the intrinsics work just fine.

A: Are they removed from the global object?

B: They are now removed from the global object. What.
B: So for all, that means that we don't need to worry about a user attempting to do evaluation with the eval, that is directly following direct eval with imports. It doesn't matter, because if eval generates network activity, the network activity will be automatically cut out, because the iframe is disconnected.
B: [It is a] sandbox in memory that does not talk to the outside world; it's just intrinsics available for you to use, and the same happens for, for example, when you try to go up to the top: the top is disconnected, so it returns null, because I don't have a top, and so it's pretty much this thing in memory that you cannot do much with, including running JavaScript code in it. This.
C: Well, we discussed this in the past, with [unclear] or Daniel, and ten Berghe, yeah, in case, trying to find out if that environment was stable, and there were at the time some concerns about the stability of the detached iframe, regarding garbage collection, yeah.

A: What do you mean, the possibility that the environment would be garbage collected?
B: I mean it isn't as stable from the point of view of, for example, if you're trying to use the console.log of the iframe. Obviously the console.log will throw, saying this is disconnected, whatever, whatever, they already... I don't know, but we don't, but the console.log is not an intrinsic. So you cannot use that one.
C: Question about the console specifically and other, you know, non-intrinsic things at this point: so if you've retained the reference through the window object, and let's assume that WindowProxy stuff just is not connected, so it will not work, including console, but are you able to redefine console on the window object of that detached iframe?
B: That's one of the breakthroughs that we achieved, and it seems that... I haven't got to the point where we can really, we haven't got to the point where we really validate whether it is really stable. Now, from the garbage collector point of view, I mean, I know that the intrinsics are there, because we're running tests and everything is just fine.
B: It seems that the spec is detailing the detaching process. The detaching process is very well documented, so what they do when you remove the iframe, and how they do it and such, it's well-defined, so I don't see any holes there, and they told you: see spec. But other than that, I think, in retrospect...
B: It makes sense that they are doing all these things with the DOM APIs and the host, and that's why I was saying this is really about the host, and anything that touches the host behavior, where you really disconnect the host and then you're sort of in a limbo state. But when it comes to the language in 262, we don't have anything about [it].
B: I think it fails as well, because the module... 262 does not have any registry of the modules, any cache. The cache is on the host, yeah, and therefore the host is disconnected. So you fail if you try to access that, but again you cannot really perform [the] same enforce[ment]. So you cannot hit that cache anyways, okay.
B: So the second breakthrough is about the identity of the objects, and I just mentioned early on, I think in a meeting, very briefly, but I want to go into the details of the fact that there are certain objects that, when you create an iframe, and in this case the sandboxed iframe, there are certain objects whose identity cannot be replaced. Those objects cannot be replaced; the values cannot be replaced without a body, and it...
B: The properties, yes, that's an example of one of the language, but most important, those that are provided by the host, for example window, the window.window, the document, or the window's __proto__. There are certain things that are marked as not configurable, and therefore you don't have a way to eliminate any, unless you use the magic lines of code. And then somehow, I believe the breakthrough on our side is that it does not matter what the identity of those objects is.
B: You can still preserve the original identity of the objects, and so far we have identified six of them, and we can go over them, but it does not matter what the identity is if you are able to change every bit of the descriptors attached to those objects, and you are also able to take control over all the different APIs who...
A: So there's six objects that are non-configurably reachable from the global. You can't make those six objects unreachable, but the behavior associated with those six objects... None of the six objects, presumably, are themselves functions; they're built-in exotic objects, and their behavior is provoked by using built-in functions on them, and if you simply throw away all of those built-in functions, then the objects become paperweights. The objects just become completely useless, because there's no longer any built-in function that will do anything with the object itself.
B: You can do that. We're not doing any freezing, but I guess you could do freezing if you want, right, but yeah. This is very accurate, a lot better explanation of what I did, but they are... There is one object that is very, very funny, which is the location object, okay, whose descriptors are also not configurable, functions that you can access out of it, and those are not configurable, but this is where it relates to...
B: Else, another: location. The location, we don't even touch it. Okay, for that, the location, we don't touch it, because the bits of the location are not configurable, so I cannot really replace them, move them out. Okay, because you're disconnected there, they still do nothing. Are they okay? Every time you call any, it throws an error, so you cannot do anything. Some of them throw an error. Some of them return null, and they're stable.
B: Yes, that's correct. That's correct, Mark, yeah, not talking yet about how it touched. Okay, so I think, is that you're right, Jeff, in the sense that the first technique is for sandboxing. But even though you did the sandboxing, and there is no... you cannot cause a side effect by hitting the network, something like that, you still have access to some objects that are phony objects. In that sense, you could attempt to do some, I mean, you have a DOM in the iframe, you can...
B: You can get the document and you try to do something with it. It might be even a stable one, but it might trick you to think that those objects are good enough, and maybe this part of the sandbox that you want is just simply not given access to any of these things, right, or simply piping those into the outer realm somehow, which is what I do. So in the case of SES, maybe you didn't want to null them out, but there are certain six objects that you would not be able to null.
A: So what SES refers to is the primal global, and what we do at SES initialization is we try to make it the case that no SES code could ever access the primal global. But if we... then we should still do that, but it sounds like, by using these techniques, if there's a bug in our confinement such that there's some route by which SES code reaches the primal global, with your techniques we can make that harmless, yeah.
C: But the approach that we want to use is we start with the rep... That's what we call the primal realm. So imagine it's a window, and we want to create an environment where we control everything. With the current technique of the eight magic lines, it's possible, because we have to shadow every global with another variable that's fake... as our deferring we break a lot of compatibility with typeof, and...
C: Undefined, you know, the error, right, that ReferenceErrors feel... So, if you're able instead to create that first compartment as a referee, where you can bleach out all the properties you'd never want to see, therefore you restore the... Even if you keep the eight magic lines of code, you still restore that behavior for that first compartment, yeah, right.
B: And this is why I was saying that maybe there is a lot of things that you could get out of these, because, yeah, you will still have some weird behavior. You have a global window, for example; you have a global document, a global location. But those, you know, the extra flavor that you have there, that doesn't do anything, there's no effect, because if you're going to do anything with them you're already watching now, but they are there.
B: You cannot really remove them, and the new global object is slightly different, because it has a proto chain that cannot really be changed, as the proto chain is going to be window's __proto__ to uppercase Window.prototype, to WindowProperties, to EventTarget, but those things are wiped out; they are empty. It's not the same as a 262 specification, where you have a very specific global object that is a more simple object.
A: ...Chrome, I'm not sure, I don't... is this available if the dev environment is out? No, this is only when the dev tools are open. I changed the whole... like all browsers now have a global and they use it in order, but, you know, like proposed specs or things that they want to actually implement, that will never be in the spec. Oh yeah, I think it's a permanent thing, you know, in a browsing context of the browser itself.
B: This is one of the hacks that you have to do to make that window really useful, and maybe that's why, before we did encounter this, or JDD found that: did you execute code before removing the iframe? You execute code with the window reference there; that's catching some process of making the global object useful? Oh gosh, that is happening there. How did they discover this? We tried many different things, and then the removal is here, right after. Now the window reference that you hold is a good reference. Otherwise you don't do...
A: Name... but the magic happening on line 23, yes, where, even though it looks like a line that has no effect, you're saying if you comment that out everything breaks, yeah, but that's true across browsers. Yes. Is there something in the spec that explains it? No, no, no, okay. So the same idea will have more...
B: Or does it explain the behavior if 23 is absent? It does not say anything about that, as far as I can tell, okay. So then this is the bug that I mentioned. It is not useful in the dev tool, but even with this bug we were able to take it. We will be able to use them, because we could say, well, we don't remove it in development mode, so you're training...
B: And then in production we really wipe it off, yeah, so we're confident that we can solve this, because the other two browsers are doing the right thing. Okay, I haven't tried the new Edge. I hope that the new Edge doesn't have the same nature as well, so we'll see. So those are pretty much the creation of the iframe, and then from there, these are sort of the common offenders, although they're not ready. Okay, this is the prototype, and the window is immutable. You cannot really change these four objects.
A: Those... I was planning that once you initialize SES in a realm, you basically do all further execution inside compartments created by SES; you immediately get away, since you have... Historically, because we could not bleach the primal global, we had to get away from the primal global as quickly as possible. So as soon as you were executing SES code, we were always, even in the initial compartment, it was still a compartment with its own safe global that was distinct from the primal.
A: Right, he's actually using the... that's what I'm saying, the purposes are different, yeah. For his purpose, he's actually making the primal global visible to application code, yeah. So he wants it to continue to have the things that are expected to be there, done well. For our purposes, we would just want to bleach it completely, including removing, even though the SES...
A: That had to do with reading JSON files using the script tag, and that there was this threat that if you could modify the inheritance chain of the global, or something very, very convoluted, a threat that our [unclear] identified on a security bug thread, where, if you could modify the inheritance chain above the global, you could do something weird. It was outside of any security concerns that I have, but I think that was, if I recall correctly, the reason why they locked down the entire inheritance chain from the window up to Object.prototype.
B: Now, so, although all this is basically dealing with this fact of the proto chain, and then picking up the pieces and doing some remapping for their own membranes, so all this code is just membrane-specific for us, the remapping, and then for offenders that we simply are okay with eliminating, then eliminating. That means when I see delete, when I do the delete here, I delete them from a descriptor map, so I'm not trying to take control over those inside the iframe, basically. But these three are the same that we have been here.
A: So can we mix this technique with Jasper's technique for a simple DOM, where in a different iframe we use CSP to turn off all evaluation and turn off, basically, as much as we can, but we still have a DOM that can render and interact with the user, and then take that DOM from the second iframe and make it accessible from the code in this iframe?
A: What you want is nothing other than code evaluation, which I think you're, for the first time, achieving directly in the browser in a beautiful manner, in a robust manner, and then the other iframe, that's donating DOM nodes. The issue is suppressing all behavior of the DOM nodes for causing evaluation and for causing remote I/O, for causing network traffic, which... so CSP can certainly suppress.
A: But you want to preserve the behavior that those DOM nodes are mapped onto the screen that the user sees, so that with the DOM nodes you can render to communicate to a user and, likewise, we'll see user interface events. So it becomes a boxed channel for interacting with the user, but not with the network and not with evaluation.
A: So then the idea is you take the DOM nodes from the second iframe, make them available within the first iframe, and especially, given separate compartments in the first iframe, you can make different ones of those available in different compartments in the first iframe, and now you've got something, you know, like the Caja division of the screen real estate into separately permitted DOM trees, all within one root realm, in separate compartments.
B: Right, that's very similar to what we do now. What we're doing right now, the difference is that the reason why... how the model in this case is probably doing the second iframe for the DOM, because they don't want to mess with the rest of the DOM. So you traverse that DOM that you do have access to; you don't have access to anything else.
B: Yeah, it's still separate by the controls that we have, because we don't bleach it out. We don't eliminate all the network and everything that you could do there, because the real window has the application running there. What we do is control anything that you might be doing inside the sandbox.
B: When you talk to one of those DOM APIs, we try to understand what you're doing by applying the proper distortion, so if you're doing, for example, createElement, and you're doing some creation of an iframe that's already script, and you're trying to put it somewhere, well, we identify that and we do something else. So the distortion gives us the ability to understand, or at least gives us the ability to see what you're trying to do with the DOM, and we replace all those operations. Wait, what.
B: Yeah, we do sanitization there, so you're doing it... The distortion is on the setter for innerHTML on the Element.prototype. So that is a function. The setter is a function. We identified a function with the identity of it; we'll replace it with a new one that gives you the proper sanitization, and that's efficient. So it's a single distortion there, okay.
B: The distortion is the secret sauce, I will say, yeah. Well, you have to define those distortions very carefully. The two things that we did, or the thing that we did, and I was worried about it at the very beginning, when we started this exercise, was, well, we have multiple instances where we, experts in this matter, by all means make mistakes of leaking objects that you should not have access to inside, when we're doing all the preparation of what we're doing, distortions. And we have a few interns, I remember.
B: Some of the cleanup that we did in the scene was because of that: we were leaking objects that were not supposed to... system objects, basically. And what we did with the distortion is: the distortion happens on the outer realm and is defined with objects of the outer realm. So when you are writing a distortion, you are doing it in the outer realm, and the membrane will take care of protecting that distortion as well.
B: You're not only protecting yourself; you are creating a distortion, but we also protect what you produce as a distortion, just in case you're leaking something that you're not supposed to leak, or the distortion will take care of that. I feel that that's important, because I remember having basically... you're not going...
B: The distortion is not about giving you a proxy; the thing is about giving you a function, of the function that you're distorting, and once you give me that function, I will go out, create a secure proxy for it, and give it to the sandbox. You don't do that work, and I feel that we made a mistake before of giving you the ability to do that, and the Realms team before: too much power for the owner of the iframe.
A: The dangerous ability that we made the previous mistake of providing, that you're no longer... that here instead preventing, corresponds to this recent crop of bugs that we had, that you did not have, that had to do with leakage between root realms, for example through the [unclear] constructor: that if you just never have any unprotected, direct access between realms, then all these subtle attacks on the boundary between root realms are what we're free of.
B: So whenever you try to access fetch from within this, the sandbox will give you a new function, the function whose role is to just console.error and do nothing, and the function and the fetch belong to the other realm; they are part of... their identities are from the other realm. The distortion callback does not give you any specific information or even detail about the sandbox that you are distorting, and therefore you don't make mistakes of putting things into that iframe.
A: Let me see if I can play that back in general membrane terms that are not specific to inner and outer realms. We know that computing between root realms is dangerous. We want to create membranes, but what creates a membrane, parameterized by distortions? The distortion is user code, so user code we don't want to give direct access to objects that are on both sides of the membrane. In other words, let's say that we name the two sides wet and dry.
A: If the creator of the membrane is wet, then the distortions are wet. So we want to have the membrane interact with the distortion code such that the distortions themselves, even though they're executing in some sense inside the membrane, rather they come... suddenly the distortions only see wet objects, and to do that, what that means is that when there's something coming in from the dry side that needs to get distorted, the way you distort it is you first map it to the wet side?
B: Yes, so it's the inverse of what you are saying, but that's correct. The intent is what's correct, yeah. The distortion happens on one side of the fence, and you never have to deal with the fact that you need to understand what I'll get... that's why there's no problem. Identity: I needed the power to know what side of the fence you are. You are a distortion on this side and you can only produce objects of this side, and we would take care of it later, so.
B: So the wet, the wet creates the sandbox and controls the distortion of that sandbox, right, so wet. So what would be the other? Yes, so in this case the distortion is all happening at the wet level. Joe is on the wet side of things, and then, when you finish that process of distorting, and without getting to another wet object, you pass that into the membrane, and the membrane would make the part the other way that is accessible in the dry area, yeah. So.
C: Basically, this is just the attenuator, so this is, if he was not concerned about different identities, this would be fine. This is: the distortion is passed to the membrane, which takes care of the identity discontinuity, which gives something else, plus probably making sure there's no write ability for the membrane. This is for crossing roots. Can...
B: So I'm calling this function, which in this case is the browser; I could do node here if I want. So basically the tool right now is divided... just for you to know, the tool is divided into the core of it, which is the environment. This is the one that does the membrane there. The name is probably wrong. This is the one that controls the membrane.
B: You create an instance of a class, this class, SecureEnvironment, and this options bag has to be passed with these three things: the global on the raw side, the global in the secure environment that you are taking control of, and the distortion callback, which will probably change to a distortion map. But this core, the core of the library, which is very tiny, about 1.5K or something, it doesn't know how to create a realm or any of that; it only cares about: you have two global objects.
B: We talked about it, we talked about it, and this distortion really works both ways, but because, if I ever get an object from within the sandbox and I wanted to pass it to the outer realm, then the membrane will look for it and will try to... it has an internal mapping already of what was already... sorry. I mean, it reflects that if you have access to an object from the outer realm, it's because you already have a mapping.
B: It already went through the membrane, yeah; we already have a map in a WeakMap that corresponds to it, and therefore if you give it back to the membrane, the membrane will be able to rewind out and get the reference on the other end. We did not implement the dual distortion mechanism, because we feel that it's not really needed. We could look into it, but it feels that the creator is the one that is in control, and if we want to really do extra mapping, you could do the remapping by using the function called map.
B: Map, you can call this one and use it. You will tell what is the object from the secure [side], what is there in the raw [side]. They are mapped to each other, so every time that it comes in, you know what it corresponds to on the other end. So it's just a mapping. I thought that this is sufficient, but we could look at it if there is anything that you really need to do. We could look at it. You just don't have anything that is needed there. Anyways.
B: It was the distortion that you control on the outer realm that seems to be sufficient, but if there is anything else we can look at it. So this is really the core of what we're doing, and then, on top of that, you need the ability to create the sandbox, and we have two sandboxes there: the browser one and the node one. The browser one is the one that I was showing to you before, with all the hassle of the browser, while the node one is pretty clean.
A: A WeakMap... are inside the environment, privacy, and now I start my remapping by saying whenever you encounter the secure document, map to the raw document, and whenever you encounter an Event.prototype, map to the Event.prototype of the other one, and these are the distortions that know... the distortion, the properties that we want to preserve or remap to the other properties. We could pass an empty one here, or just delete them all, or whatever we want, so yeah.
B: So that's how this thing, the fetch, is supposed to work, so the distortion will be called the first time that you're trying to get access to fetch from within the sandbox, and call that, and you will be able to return a new function on the other realm that does what the fetch is supposed to do, and every time when you're attempting to send that property back to us via the membrane, we will be able to rewind out into this one, yeah. Okay.
B: The name is a little bit misleading, but so it's on this one.
B: And when you run the local development, you get a few examples that you can play with, and there are some tests as well, but this is very, super, pretty much work in progress. But so far the results are really good, and the compilation of the browser version is 3K, only 3K, and for node is 2K. It's very, very tiny. Of course the distortions are not here. The distortions are the secret sauce, but it gives you the ability to do whatever distortion you want. Okay.
A: If you don't disconnect it, then you still have the safety problem. Property safety. Part of this hazard we've always had, which is, code escapes the amount of... declines into the underlying JavaScript, then it could still climb up to top. Given what [unclear] just showed us, we can go ahead and make the primal global harmless. Just as belt-and-suspenders, [if] I need to go to the magic lines, it can't do any damage. Yeah.
B: Chrome, Chrome, no, because Chrome is really going to be... it's going to be there as an object that has identity, right, but it's going to be a proxy to an object that doesn't have too many of the... or the proxy handler doesn't have much there. You know, basically, if you do this, okay, get property descriptors out of... we...
B: So Richard was asking something, so, Richard, that code is almost okay, but it is missing the hack in between, which is the call to eval with the window to get it ready before you remove it. So I think he missed the part where we look at the creation of the iframe, and he's putting his own creation of the iframe there. But the removal is happening before we get a window to be a real window, something.
B: The global descriptors that are configurable, you bleach them out easily, just sift through them, and when you encounter one of them that is not configurable, then you have to go into the descriptors of that particular object and do the same there. So it's recursive, but only few of them are really doing that. So it's perfectly fine, I believe, and the prototype as well.
B: That's what we're trying to do as well, like we asked first, we opened a few issues to try to see if they could make some of these configurable, so we could remove them all, especially top, right. The editing went too far. There are a few things there that seem to be problematic, like they're still trying to remove that, but the same for window's circular reference and all that, but I don't think those will get very far.
A: With regard to, when we write SES code using JavaScript module syntax, straight module syntax, we would stay... in order to run code that uses module syntax safely with SES, we still have to do what we think we have to do, which is what our current plan is, which is we have to rewrite the modules into evaluable scripts, because the only mechanism that we have is evaluating evaluable scripts, which is all a shame, because the browser itself now understands module syntax.
C: Another possible thing to explore, sorry about that: I think if you import a module before you remove the frame, so if you have modules in the map, I believe they might remain in the module map after the iframe loses the ability to import over the network, because if it's in the cache it doesn't hit the network. But obviously that does not work if you want to start, you know, having a fragment or a query: tear out with dynamic imports, I don't...
B: I don't think it will work; we talked about it. I don't think it will work, because, in order... the map is not in 262. The map is on the host, and therefore, whenever you try to do... there are two problems with that. First is that you have to run the import, dynamic import, in order to get into it, so it doesn't matter what we do before. When we give it to you, the sandbox, you have to call import to get that module, and you're saying if that module's already resolved, that import will resolve fine.
B: The reason why I don't think it will work is because we were very... when we were talking about, discussing the details of the module system many years ago, we were very keen on not keeping any registry in ECMAScript. Just let that happen somewhere else, in the host. Whether it was a mistake or not, I don't know, but many times the caching layer happens to come back into the conversation, because we wanted to do this or that, or the circular dependencies, and I...
D
Basically, what he's encountered is an implementation artifact that represents some path of least resistance in implementation space that resulted in this outcome, even though nobody in particular intended it. And I would say it's probably pretty important to get it codified, in perhaps the relevant W3C spec, lest somebody find some other browser implementation trick that suddenly makes it go away. Yeah.
B
...a chance to look at the code and look into the import, or send an email or maybe something over some other channel, so maybe it goes off in an issue, and in the end, in the tracker, they're just going to check. But other than that, yeah. All right, before I go, Mark: do we want to do anything for the next meeting, because the deadline is approaching for the... right?
B
We should really avoid adding to the language any API that keeps a reference to an object and reads properties out of that object in the next turn. I think that's very important, because it makes it really difficult to do any operation on the membrane, and the Proxy is the only API that I have found that does that. But I don't know if in the DOM API there is any of that at all.
B
That's one thing. The other thing is, try to not add anything that is not configurable, and maybe influence a little bit the host implementers to not really do that any more. I know that, for example, Trusted Types are going to be all non-configurable. At least I expect so; "non-configurable" they called it, I think that was the term that they used. They are not...
A
Yeah, so I didn't worry about it too much, because the magic lines mean that we can mask anything, including Trusted Types, well. But with what he just showed us, it's very attractive, for coarse-grained protection domains where you don't want to freeze the primordials, to just be able to use an entire root realm, a bleached iframe, as a coarse-grained protection domain. And for those, it's these non-configurable, powerful things that would be the showstoppers against skipping the magic.
C
It's interesting, because often when something is proposed about, like, security, you want a certain statement or a certain guarantee to make sure that anything you introduce in the language, or more specifically anything introduced by the hosts, cannot break a certain set of properties. And we've very often struggled with that, because very often the statement is that the web has a certain security model and we try to introduce a different one. So this is...
A
So why don't we just make the proposal? I'm not saying this should be the only thing that we're trying to get in under the deadline. But why don't we go ahead and actually make a proposal that mandates that any property added by the host, that's outside the ECMAScript spec, not be added non-configurable, and then acknowledge that there's an existing grandfathered-in six magic property things, but just state normatively in the ECMAScript spec that all properties added by the host must be added configurable and deletable.
B
Or there's a lot more to it. I'm always looking for it, just looking to get people to understand that this is a problem and getting them to agree. Then we have this issue: we have the grandfathered ones, sure, this issue, but say they can do it. It's going to maybe trigger some people. Well, Dominic is not around, so it's fine. I suspect what might happen anyway...
A
...is that one of the browser makers, in particular I'm thinking of Google, one of the browser makers might just veto it. But making it a proposal and bringing the argument to the floor does cement home that there's a problem here; we want to encourage people not to do it, even if it doesn't get normatively stated. Well...
B
In theory, at least in my mind, there is not a problem for those things to be non-configurable. The problem is that sometimes we either need to polyfill something or we need to create a feature, we need to do something where those are problematic, especially for the membrane. But these are problematic because we do not have the Realm. If we have the Realm, then who cares about it? Because we're going to create the Realm, right?
A
So, you know, the host could just add, right now, the way the spec is written: if a particular host added non-configurable peek and poke methods to the Object constructor, static peek and poke methods for reading and writing arbitrary physical memory locations, it would render everything completely non-memory-safe. It wouldn't actually violate anything in the spec, right? So I have often fantasized about what it is...
A
...we could write down, such that the spec is normatively stating safety properties that host additions can't violate, but also that any properties that the host adds to the primordial objects, to, you know, the intrinsics, other than the global... I would like everything, since the spec allows hosts to add those things, I would like everything that hosts add to the primordials to be mandated to be configurable and deletable. That we might get.
B
Okay, and I feel that, for this particular case, it's very rare that you get into a problem with this. You have to have a handler owned by a sandbox and the proxy internals owned by the other side, and then you might have an issue there, but that's very rare, and so it's not really affecting us right now. What happens, if you do that, well, the proxy handler is not going to be live. It's going to be frozen in time; you're not going to get the new properties, the traps or whatever.
B
So it's not really the end of the world. Many people don't even know that this exists, but I should be careful about new functionality that holds references to objects and then reads properties out of those objects. That is probably something that we should put somewhere in the list of checks that we want to do when introducing new things into the language. And I don't know about the DOM. I hope that the DOM doesn't have many of those, but I'm sure that there is something somewhere, yeah.
A
So let's go ahead and put both of those on the agenda as discussion topics. Since we don't have a spec written down yet, I think we're certainly not ready to have enough written down before the deadline to ask for stage advancement at the meeting. But if we just want to give a status update and discuss issues, then even if what we have written down is written down after, I think that's all kosher.
B
Hopefully before the deadline for staging. Okay, maybe some of you will spend time looking at the current specification of the Realm API and see if there's anything there we are missing that I can work on. You have a better mental model of how that works with the evaluator, so it will be interesting to look at it and see if there's anything that we need to add or remove.