Comment #1 on issue 1359 by [email protected]: ES53 prematurely casts thrown objects to strings
http://code.google.com/p/google-caja/issues/detail?id=1359
The concern is that we need to prevent potentially powerful capabilities from being thrown, because experience has shown that reviewers cannot keep the exceptional pathway in mind, no matter how vigilant. So E and Joe-E limit throws exceptions to be transitively immutable. ES53 doesn't currently have any way to impose this constraint on thrown exceptions except by taking the extreme stance of coercing these to strings first.
OTOH, translation-free SES-on-ES5 cannot possibly impose any similar constraint, so perhaps we should drop it and learn to live the this hard-to-plug hazard. As with our decision to learn to live with the exophora hazard, neither violates formal object-capability rules, but both are bad human factors. Perhaps tools like Ankur's ENCAP can help alert the programmer to both of these hazards.
