But then, you might as well start using modules and properly scoping variables, as that will lend to much more readable code.
(Sent again, wrong "from") /#!/JoePea On Feb 16, 2016 7:57 AM, "Coroutines" <[email protected]> wrote: > On Tue, Feb 16, 2016 at 7:45 AM, Michał Wadas <[email protected]> > wrote: > > > > 2016-02-16 15:51 GMT+01:00 Coroutines <[email protected]>: > >> > >> Having the ability to derive from "global" (only in Node) and > >> prepare an Object to run an function within as its global context > >> would be an invaluable ability. (imo) > > > > > > > > It seems like an obvious idea, but in fact it's almost impossible to > secure > > - consider `true.constructor.constructor("alert('XSS')")()` > > ECMAScript lacks secure sandbox that would work in every browser, but > such > > limited scope manipulation is totally useless as "secure sandbox". > > > > BTW, such limited scope manipulation is already possible, see how my > library > > works there - > > > https://github.com/Ginden/reflect-helpers/blob/master/tests/closures.js#L14 > > (it heavily uses `eval`). > > > > Sending again because of wrong "to". > > > > Okay - different argument: if you can provide actual environment > inheritance you can avoid collisions assigning to the "global scope". > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss >
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
