Es4-discuss Digest, Vol 8, Issue 44

Yehuda Katz wycats at
Tue Oct 30 17:13:00 PDT 2007

What specifically would you do in ES3+ to improve this situation?

-- Yehuda

On 10/30/07, Douglas Crockford <douglas at> wrote:
> > Brenden is also correct:  If the working group voted and
> > the current
> > proposal won - it is better to have a stronger, more secure
> > language.
> > Sure they can argue it is bloated, but SO WHAT?
> The proposal is not a more secure language. It does nothing to address
> ECMAScript's biggest  design flaw: the insecurity caused its dependence on a
> global object. XSS attacks are a direct consequence of this flaw. By making
> the language more complex, this problem becomes even harder to reason about
> and fix.
> I have been bringing this up since my first day in the working group. This
> is not a concern that is being sprung at the last minute.
> The working group hasn't voted. The proposal has not won. We have agreed
> to disagree, developing two competing proposals in the same working group. I
> am pursuing with Microsoft a counter proposal for a simpler, reliable remedy
> to real problems. My position isn't that JavaScript doesn't need fixing. I
> think we need to be more selective in how we fix it. Bloat, in my view, is
> not good design.
> _______________________________________________
> Es4-discuss mailing list
> Es4-discuss at

Yehuda Katz
Web Developer | Procore Technologies
(ph)  718.877.1325
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Es4-discuss mailing list