Es4-discuss Digest, Vol 8, Issue 44
douglas at crockford.com
Tue Oct 30 17:03:15 PDT 2007
> Brenden is also correct: If the working group voted and
> the current
> proposal won - it is better to have a stronger, more secure
> Sure they can argue it is bloated, but SO WHAT?
The proposal is not a more secure language. It does nothing to address ECMAScript's biggest design flaw: the insecurity caused its dependence on a global object. XSS attacks are a direct consequence of this flaw. By making the language more complex, this problem becomes even harder to reason about and fix.
I have been bringing this up since my first day in the working group. This is not a concern that is being sprung at the last minute.
More information about the Es4-discuss