Re: [qooxdoo-devel] Scalable Javascript Architecture

Thu, 09 Sep 2010 00:28:49 -0700 

>
> As mentioned, the qooxdoo way of declaring classes doesn't let one use
> closure variables over the whole of the class. Currently, the generator
> removes all code outside of the class definitions when generating the
> build
> code.

Hu?! How come? Have you proof of that?

> However, if there was a way to keep those variable definitions such
> as:
>
> var foo;
> qx.Class.define("my.special.class", .{... });
>
> we could be using one javascript feature that Doug Crockford has correctly
> identified as THE security mechanism built into javascript. Of course, for
> it not to become a gloval variable, the generator would have to tranform
> the
> code into:
>
> (function(){
>   var foo;
>   qx.Class.define("my.special.class", .{... });
> })();

That is actually what happens, AFAICT.

> But that wouldn't be too difficult, would it? It wouldn't work in "source"
> mode but source mode is never to be used in production anyways.
>
> This way, an attacker would have NO way of accessing the closure variable.
> In contrast, the "private" member properties with the mangled names can be
> easily accessed by iterating over the object properties.

What is your notion of "attacker" here? Do you have a specific exploit
scenario in mind?

T.

>
> Cheers,
>
> Christian
> --
> View this message in context:
> http://qooxdoo.678.n2.nabble.com/Scalable-Javascript-Architecture-tp5500032p5510046.html
> Sent from the qooxdoo mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> This SF.net Dev2Dev email is sponsored by:
>
> Show off your parallel programming skills.
> Enter the Intel(R) Threading Challenge 2010.
> http://p.sf.net/sfu/intel-thread-sfd
> _______________________________________________
> qooxdoo-devel mailing list
> qooxdoo-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
>
>
>



------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
qooxdoo-devel mailing list
qooxdoo-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel

Reply via email to