Le 06/01/2012 16:54, Andrea Giammarchi a écrit :
there is no security issue ... it's meant like that plus what Mark did
not think about, is that if I use
(function () {
function callback() {}
var object = {};
window.addEventListener("no way", object.boundTo(callback), false);
// later on
window.removeEventListener("no way", object.boundTo(callback), false);
}());
inside a scope other objects can not reach, nobody will ever be able
to retrieve the resulting bound function/object.
Of course, the case you show is not a problem. The problem arise when 2
potentially malicious scripts have access to the same object (Mark used
'Object' as an example).
But with modules, module loaders and the end of global scope, I wonder
to what extent this happens. i'll answer directly to Mark message to
discuss this.
David
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
