On Fri, Oct 26, 2012 at 3:45 PM, David Bruant <[email protected]> wrote:
> Le 27/10/2012 00:23, Kevin Reid a écrit : > > How about: there must be no *nonstandard non-configurable properties* of > standard objects. > > Good. This agrees with < http://wiki.ecmascript.org/doku.php?id=conventions:make_non-standard_properties_configurable >. > > This directly implies “SES can do its job of deleting everything not > whitelisted”, and does not rely on the spec blacklisting undesirable > behaviors. > > Interesting. I think there are two slightly different problems to solve: > 1) Make applications written in the language securable > 2) Make applications written in the language not insecure > > ES5 strict mode, by poison-pilling .caller and .arguments and by fixing > dynamic scoping features took in the direction of making the language not > insecure by default. > Did you mean "not insecurable by default". ES5 strict by itself is certainly far from secure (or "not insecure"). But because of poison pills and such, ES5 is securable. > The addition of Object.freeze and a couple of other things went in the > direction of making the applications securable. > > I feel I was going for making the language not insecure with my section 2 > refinement, but I guess which is better really depends on the danger > provided by the non-standard capability. > I guess there is a case for both. Maybe the refinment I proposed could > fall into 2 subsections: one for "don't ever add this kind of capability to > the language or you're putting users at risk" and another for "if you add > this kind of capability, make sure it's securable" (non-configurable I > assume for most cases). > Did you mean "configurable"? > In a way, the recent agreement on __proto__ is of the latter category :-) > > David > -- Cheers, --MarkM
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
