Hacker News new | ask | show | jobs
by youdontknowtho 3646 days ago
Are they doing security testing as they go? I'm really looking forward to seeing how it fares against the typical "use after free" javascript errors that pwn to own always demo's. I'm not particularly a fan of Rust, but I certainly like the ideas that they are trying to incorporate in it.

Great stuff. Looking forward to see how it evolves.
2 comments
geofft 3646 days ago
I enjoyed this 2014 blog post on how they avoid use-after-frees by design, by letting SpiderMonkey have responsibility for all DOM garbage collection:

https://blog.mozilla.org/research/2014/08/26/javascript-serv...

link
youdontknowtho 3646 days ago
Ooh. Nice one, mate. Thanks.
link
legulere 3646 days ago
Servo doesn't contain an own javascript engine.

Use after free generally isn't possible in rust in safe code.

link