Le 27/10/2012 00:23, Kevin Reid a écrit : > How about: there must be no /nonstandard non-configurable > properties/ of standard objects. > > This directly implies "SES can do its job of deleting everything not > whitelisted", and does not rely on the spec blacklisting undesirable > behaviors. Interesting. I think there are two slightly different problems to solve: 1) Make applications written in the language securable 2) Make applications written in the language not insecure
ES5 strict mode, by poison-pilling .caller and .arguments and by fixing dynamic scoping features took in the direction of making the language not insecure by default. The addition of Object.freeze and a couple of other things went in the direction of making the applications securable. I feel I was going for making the language not insecure with my section 2 refinement, but I guess which is better really depends on the danger provided by the non-standard capability. I guess there is a case for both. Maybe the refinment I proposed could fall into 2 subsections: one for "don't ever add this kind of capability to the language or you're putting users at risk" and another for "if you add this kind of capability, make sure it's securable" (non-configurable I assume for most cases). In a way, the recent agreement on __proto__ is of the latter category :-) David
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
