Changes to Array method this coercion (was: ES3.1 Draft: 27 Oct 2008 version available)
mjs at apple.com
Mon Oct 27 17:23:37 PDT 2008
On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:
> Maciej Stachowiak wrote:
>> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
>>> Robert Sayre wrote:
>>>> I checked current browser behavior for this coercion to the global
>>>> object for array methods (as well as apply and call).
>>>> Opera 9.61
>>>> Chrome Beta 1
>>>> Safari 3.1.2
>>>> Firefox 3.0.3
>>>> It seems that the above implementations coerce null or undefined to
>>>> the global object for Array.map in this example, so Mozilla opposes
>>>> these changes.
>>> The change in behaviour was quite deliberate, and I had been under
>>> impression there was a concensus in favour of it. Removing the
>>> of 'this' to the global object is necessary to improve the safety
>>> security of ES3.1, IMHO.
>> Apple is also opposed to changing this behavior, at least without
>> sufficient showing that the change is broadly compatible with Web
>> It is also not clear to me how it improves safety and security of
>> ES 3.1. What is the threat model it protects against?
> As far as I understand it, the global object in a browser
> environment has a length property indicating the number of frames.
> If you call Array.map(null, fn) in a browser environment you will
> enumerate the frames collection. In a non-browser environment you
> get different behaviour. For one, I'd prefer not to have this
Is that a comment on the compatibility risk or the security benefit?
More information about the Es-discuss