0.0.210 with README note for Fix #210 Avoid bypassing ACL

Author: t2ym

README.md

@@ -6,6 +6,7 @@
 Thin Hook Preprocessor (experimental)
 
 ## Notes
+- **[Vulnerability Fix]** Since [0.0.209](https://github.com/t2ym/thin-hook/releases/tag/0.0.209) with [Fix #210](https://github.com/t2ym/thin-hook/issues/210), bypassing of ACL for global objects by cloing them to other global objects is avoided. Prior to this version, ACL can be skipped by cloing global objects.
 - **[Vulnerability Fix]** Since [0.0.205](https://github.com/t2ym/thin-hook/releases/tag/0.0.205) with [Fix #208](https://github.com/t2ym/thin-hook/issues/208), scripts via `document.writeln()` are hooked as in `document.write()`. Prior to this version, scripts via `document.writeln()` are not hooked.
 - **[Vulnerability Fix]** Since [0.0.203](https://github.com/t2ym/thin-hook/releases/tag/0.0.203) with [Fix #207](https://github.com/t2ym/thin-hook/issues/207), `textContent` of `script` elements are always treated as JavaScript scripts regardless of their configured MIME types (`type` property/attribute).  Prior to this version, `textContent` of `script` elements containing `__hook__` as strings can be mistaken as **HOOKED** scripts and run without hooking.
 - **[Context Generator Compatibility]** Since [0.0.148](https://github.com/t2ym/thin-hook/releases/tag/0.0.148) with [#144](https://github.com/t2ym/thin-hook/issues/144), the old context generator `"method"` is renamed as `"oldMethod"` and the `"cachedMethod"` is renamed as `"method"` and become the new default context generator. The `"cachedMethod"` remains as an alias for the new `"method"` context generator. There are slight changes in the new `"method"` context generator. A warning message is shown on the debug console to notify the change.

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "thin-hook",
-  "version": "0.0.209",
+  "version": "0.0.210",
   "description": "Thin Hook Preprocessor",
   "main": "hook.min.js",
   "authors": [

demo/index.html

@@ -15,7 +15,7 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=33a84325e2c0ef070957b2d6e25ff5a31082276a0acc0848a1c8eb6bc61e23be,2fe093ef0395ed18f8b0ee8dbb58c07ac3d06c76be14a718d011ef18cc348f67,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
+  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=a97875937535475490e53dc821dd727911895cd63219ca2325632726cf0b2b36,2fe093ef0395ed18f8b0ee8dbb58c07ac3d06c76be14a718d011ef18cc348f67,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
   <script context-generator src="no-hook-authorization.js?no-hook=true"></script>
   <script context-generator src="context-generator.js?no-hook=true"></script>
   <script context-generator no-hook>

demo/original-index.html

@@ -15,7 +15,7 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=33a84325e2c0ef070957b2d6e25ff5a31082276a0acc0848a1c8eb6bc61e23be,2fe093ef0395ed18f8b0ee8dbb58c07ac3d06c76be14a718d011ef18cc348f67,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
+  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=a97875937535475490e53dc821dd727911895cd63219ca2325632726cf0b2b36,2fe093ef0395ed18f8b0ee8dbb58c07ac3d06c76be14a718d011ef18cc348f67,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
   <script context-generator src="no-hook-authorization.js?no-hook=true"></script>
   <script context-generator src="context-generator.js?no-hook=true"></script>
   <script context-generator no-hook>

hook.min.js

@@ -1,6 +1,6 @@
 {
   "name": "thin-hook",
-  "version": "0.0.209",
+  "version": "0.0.210",
   "description": "Thin Hook Preprocessor",
   "main": "hook.js",
   "scripts": {