Es4-discuss Digest, Vol 8, Issue 44

Douglas Crockford douglas at
Tue Oct 30 17:03:15 PDT 2007

> Brenden is also correct:  If the working group voted and
> the current
> proposal won - it is better to have a stronger, more secure
> language. 
> Sure they can argue it is bloated, but SO WHAT?

The proposal is not a more secure language. It does nothing to address ECMAScript's biggest  design flaw: the insecurity caused its dependence on a global object. XSS attacks are a direct consequence of this flaw. By making the language more complex, this problem becomes even harder to reason about and fix.

I have been bringing this up since my first day in the working group. This is not a concern that is being sprung at the last minute. 

The working group hasn't voted. The proposal has not won. We have agreed to disagree, developing two competing proposals in the same working group. I am pursuing with Microsoft a counter proposal for a simpler, reliable remedy to real problems. My position isn't that JavaScript doesn't need fixing. I think we need to be more selective in how we fix it. Bloat, in my view, is not good design.

More information about the Es4-discuss mailing list