Changes to Array method this coercion (was: ES3.1 Draft: 27 Oct 2008 version available)

Maciej Stachowiak mjs at apple.com
Mon Oct 27 17:23:37 PDT 2008


On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:

> Maciej Stachowiak wrote:
>> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
>>> Robert Sayre wrote:
>>>> I checked current browser behavior for this coercion to the global
>>>> object for array methods (as well as apply and call).
>>>>
>>>> Opera 9.61
>>>> Chrome Beta 1
>>>> Safari 3.1.2
>>>> Firefox 3.0.3
>>>>
>>>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>>>
>>>> It seems that the above implementations coerce null or undefined to
>>>> the global object for Array.map in this example, so Mozilla opposes
>>>> these changes.
>>>
>>> The change in behaviour was quite deliberate, and I had been under  
>>> the
>>> impression there was a concensus in favour of it. Removing the  
>>> coercion
>>> of 'this' to the global object is necessary to improve the safety  
>>> and
>>> security of ES3.1, IMHO.
>> Apple is also opposed to changing this behavior, at least without  
>> sufficient showing that the change is broadly compatible with Web  
>> content.
>> It is also not clear to me how it improves safety and security of  
>> ES 3.1. What is the threat model it protects against?
>
>
> As far as I understand it, the global object in a browser  
> environment has a length property indicating the number of frames.  
> If you call Array.map(null, fn) in a browser environment you will  
> enumerate the frames collection. In a non-browser environment you  
> get different behaviour. For one, I'd prefer not to have this  
> behaviour.

Is that a comment on the compatibility risk or the security benefit?

Regards,
Maciej



More information about the Es-discuss mailing list