Comment #6 on issue 1274 by [email protected]: Current "virtualize" strategy isn't safe
http://code.google.com/p/google-caja/issues/detail?id=1274
I just realized that it's simpler than we thought. For ES5/3, our assumption is that innocent code runs in a different JS context (frame) than cajoled code, in which case
Array.prototype.sort.call(x, comparator)
will work whether on not we virtualize. The innocent code is applying the
innocent frame's sort. Thus, one less argument to virtualize.
