Es4-discuss Digest, Vol 8, Issue 44
wycats at gmail.com
Tue Oct 30 17:13:00 PDT 2007
What specifically would you do in ES3+ to improve this situation?
On 10/30/07, Douglas Crockford <douglas at crockford.com> wrote:
> > Brenden is also correct: If the working group voted and
> > the current
> > proposal won - it is better to have a stronger, more secure
> > language.
> > Sure they can argue it is bloated, but SO WHAT?
> The proposal is not a more secure language. It does nothing to address
> ECMAScript's biggest design flaw: the insecurity caused its dependence on a
> global object. XSS attacks are a direct consequence of this flaw. By making
> the language more complex, this problem becomes even harder to reason about
> and fix.
> I have been bringing this up since my first day in the working group. This
> is not a concern that is being sprung at the last minute.
> The working group hasn't voted. The proposal has not won. We have agreed
> to disagree, developing two competing proposals in the same working group. I
> am pursuing with Microsoft a counter proposal for a simpler, reliable remedy
> think we need to be more selective in how we fix it. Bloat, in my view, is
> not good design.
> Es4-discuss mailing list
> Es4-discuss at mozilla.org
Web Developer | Procore Technologies
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Es4-discuss