Comment #2 on issue 1274 by [email protected]: Current "virtualize" strategy isn't safe
http://code.google.com/p/google-caja/issues/detail?id=1274

Since we can't rescue "x.sort(comparator)" anyway, the choice is actually between

    Array.prototype.sort.call(x, comparator)

as you state, which virtualization can protect, and

    x.sort___(comparator)

which is safe even without virtualization. Since the latter is also more convenient and a more incremental change from the non-defensive code people naturally write, I still think we should retire virtualization.
