It's not easy to freeze the world like Caja is doing, and it's not easy
to have a library that takes care of it securely, and the use case is
not always to use modules to have a fresh global.
Some years ago, doing widgets stuff inside web pages, I had a
"RestoreNativeVar" function restoring natives using strange hooks like
taking them from iframes (no comments...)
The issue is probably not TC39 only, but looking at W3C security groups
specs which apparently have some hard time defining something secure,
maybe SES concepts are coming late in the TC39 schedule, all new Web API
define more globals, this is usefull to have something that freezes the
entire global when you need it instead of hacking around.
Regards,
Aymeric
Le 25/09/2013 23:50, David Bruant a écrit :
Le 25/09/2013 17:41, Michaël Rouges a écrit :
Hi all,
Given the number of scripts from various sources that may be
contained in a web page, there may be prototypingconflicts.
Be careful about what you include? To be proactive in that process,
freeze all builtins beforehand. You'll know soon enough if something
breaks.
If you do want to enhance prototype, isolate this code and run it
before freezing builtins.
The module loader API has something close to what you ask:
http://wiki.ecmascript.org/doku.php?id=harmony:module_loaders#loader.prototype.definebuiltins_obj
David
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
