On Tue, Apr 12, 2016 at 10:45:06PM +1000, Chris Angelico wrote: > On Tue, Apr 12, 2016 at 10:42 PM, Jon Ribbens > <jon+python-...@unequivocal.co.uk> wrote: > > That's not a vulnerability, and it's something I already explicitly > > mentioned - if you can get a function to return an object's __dict__ > > then you win. The question is: can you do that? > > The question is, rather: Can you prove that we cannot?
I refer you to the answer given previously. Can you prove you cannot write code to escape JavaScript sandboxes? No? Then why have you not disabled JavaScript in your browser? _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
