Mark S. Miller wrote:
> On Tue, Jun 12, 2012 at 7:12 AM, Brendan Eich <[email protected]> wrote:
>> Your point about not violating "use strict" or elaborating too much is good,
>> but I want to push back on one thing: local vars may be a bridge too far,
>> especially with optimizing JITs, block-scoped let bindings, etc. Making
>> arguments available is easier.
> Revealing secrets passed in arguments? C'mon.

I know, but see below.

>> Also, as you pointed out, even error.stack leaks information. Where do
>> you draw the line?
> Making arguments *generally* available would be fatal.

I think Charles was arguing that anyone keeping secrets would need "use
strict" to protect those secrets anyway, because otherwise
arguments.caller.arguments[i] (given non-strict caller and callee) can
get them.

> That's why you need something
> like the getStack function I suggested earlier: debugging info is
> accessed only by rights amplification, and the amplifier is not made
> generally available.

This is a good argument for Error.getStack(errObj), indeed.

/be
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
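
The rights-amplification idea discussed in this message, as an added sketch that is not code from the thread or from any proposal: the stack is moved off the error object into a private table, and only code that was handed the getStack function can read it. The names makeStackAmplifier, seal and getStack are hypothetical, and the sketch assumes an engine where `stack` can be redefined on the error instance (true of V8).

```javascript
// Added illustration; makeStackAmplifier, seal and getStack are hypothetical names.
function makeStackAmplifier() {
  const stacks = new WeakMap(); // error object -> captured stack text

  // Move the stack into the private table and blank the public property,
  // so merely holding the error object reveals no debugging info.
  function seal(err) {
    if (!stacks.has(err)) {
      stacks.set(err, String(err.stack));
      Object.defineProperty(err, 'stack', {
        value: undefined, writable: false, configurable: false, enumerable: false,
      });
    }
    return err;
  }

  // The amplifier: error object + this function => stack text.
  // Errors sealed by a different amplifier (or never sealed) yield undefined.
  function getStack(err) {
    return stacks.get(err);
  }

  return Object.freeze({ seal, getStack });
}

function demo() {
  const debuggerSide = makeStackAmplifier(); // given only to trusted tooling
  const otherParty = makeStackAmplifier();   // an unrelated amplifier

  function handleSecret(secret) {            // secret is a constructed sample value
    try {
      throw new Error('lookup failed');
    } catch (e) {
      throw debuggerSide.seal(e);            // seal before the error escapes
    }
  }

  let caught;
  try { handleSecret('constructed-sample-secret'); } catch (e) { caught = e; }
  return {
    message: caught.message,                   // still readable by any handler
    publicStack: caught.stack,                 // undefined: nothing generally available
    amplified: debuggerSide.getStack(caught),  // stack text, for the holder only
    foreign: otherParty.getStack(caught),      // undefined: wrong amplifier
    unsealed: debuggerSide.getStack(new Error('never sealed')), // undefined
  };
}
```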