Fixes to endowment safety example (#102)

* Fixes to endowment safety example Tried evaluating the example in the docs and found it was missing a few calls, and replacing the `toString` of `Function.prototype` rather than `Object.prototype`.
Agoric · Apr 2, 2019 · 18b937d · 18b937d
1 parent d3bd27a
commit 18b937d
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/api.md b/docs/api.md
@@ -75,7 +75,7 @@ function makeConsole() {
   }
 }
 
-const newConsole = s.evaluate(`(${makeConsole})`, {consoleEndowment: console});
+const newConsole = s.evaluate(`(${makeConsole}())`, {consoleEndowment: console});
 s.evaluate('console.log(4)', { console: newConsole });
 ```
 
@@ -87,8 +87,8 @@ function evil() {
   outerObject.__proto__.toString = obj => 'haha';
 }
 
-s.evaluate(`(${evil})`, { consoleEndowment: console });
-{}.toString(); // prints 'haha'
+s.evaluate(`(${evil}())`, { consoleEndowment: console });
+(()=>{}).toString(); // prints 'haha'
 ```
 
 The key is that we evaluate trusted code to generate the safe endowment, and only pass the safe endowment to the untrusted code. Every object in the system should be examined to identify which realm it is coming from (outer or inner), and never ever reveal outer-realm objects to untrusted code. Even passing a collection of safe inner-realm objects to untrusted code enables a confinement breach: