[TLUG]: ECMAScript ("Javascript") Version 4 - FALSE ALARM

Mark Miller erights at gmail.com
Sun Oct 28 18:00:44 PDT 2007

On 10/28/07, Robert Sayre <sayrer at gmail.com> wrote:
> It's not all disagreement, though. One aspect of Google Caja seems
> preferable to me: the JSON object. In fact, I would like the committee
> to drop the JSON methods on the object prototype in favor of letting
> host environments provide that API.

I agree. Let's also not add .toJSONString() and .fromJSONString() to
the language.

.toJSONString() creates quoting confusions that can lead to XSS-like

.fromJSONString() is inappropriate as a method of String. A String can
represent source text of any of a large variety of languages. Each
language should know how to parse Strings. Strings should not know how
to be parsed in any particular language. We should follow the object
design principle that Rebecca Wirfs-Brock  calls "responsibility based

However, Rebecca is related to the evil Allan of Microsoft, so perhaps
responsibility based design is part of some evil corporate plot? Or
maybe we should evaluate the logic of what people are saying
independent of their corporate affiliation?

Text by me above is hereby placed in the public domain


More information about the Es4-discuss mailing list