Whiteboard notes from the 2nd Meeting on Secure ECMAScript

Douglas Crockford douglas at crockford.com
Wed Nov 19 08:05:32 PST 2008


Notes from the 2nd Meeting on Secure ECMAScript
November 18, 2008

SHEET ONE

Valija

     String.prototype.foo = function () {
         return this;
     };

     ...

     ... "zip".foo() ...
     ... "zip".foo.call("zip") ...

Cajita

     function re() {
         "use strict,cajita";
         [strike]return zip.foo();
     }


SHEET TWO

     foo.addListener(listener)

     this.myObserver = listener;

     function somethingElse() {
         this.myObserver(...);
         (true && this).myObserver(...);
         this.myObserver.call(this, ...);
         a.sort();


SHEET THREE

     [Valija, MS Web Sandbox]

     [ADsafe, Dojo.Secure, Cajita, Jacaranda]


SHEET FOUR

     ADS
     APPS
     MASHUPS
     No overt channels

     Primordial Objects Frozen
     use lexical scope
     eval
     - .constructor
     - .prototype
     immutable functions
     this limitation
     Object limitation


SHEET FIVE

     var tab = new WeakKeyTable()
     tab.set(k, v)
     tab.set(k)

     obj[n]      vs  n.get(obj)
     obj[n] = v  vs  n.set(obj, v)


More information about the Es-discuss mailing list