Changes to Array method this coercion (was: ES3.1 Draft: 27 Oct 2008 version available)
dean at edwards.name
Mon Oct 27 17:49:50 PDT 2008
Maciej Stachowiak wrote:
> On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:
>> Maciej Stachowiak wrote:
>>> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
>>>> Robert Sayre wrote:
>>>>> I checked current browser behavior for this coercion to the global
>>>>> object for array methods (as well as apply and call).
>>>>> It seems that the above implementations coerce null or undefined to
>>>>> the global object for Array.map in this example, so Mozilla opposes
>>>>> these changes.
>>>> The change in behaviour was quite deliberate, and I had been under the
>>>> impression there was a concensus in favour of it. Removing the coercion
>>>> of 'this' to the global object is necessary to improve the safety and
>>>> security of ES3.1, IMHO.
>>> Apple is also opposed to changing this behavior, at least without
>>> sufficient showing that the change is broadly compatible with Web
>>> It is also not clear to me how it improves safety and security of ES
>>> 3.1. What is the threat model it protects against?
>> As far as I understand it, the global object in a browser environment
>> has a length property indicating the number of frames. If you call
>> Array.map(null, fn) in a browser environment you will enumerate the
>> frames collection. In a non-browser environment you get different
>> behaviour. For one, I'd prefer not to have this behaviour.
> Is that a comment on the compatibility risk or the security benefit?
I assume this is why Mozilla want to change behaviour. This issue was
brought up previously on this list.
If you enumerate null, usually nothing happens, but if you have frames
(even iframes) then the behavior is different (you enumerate the
frames). It's an annoying glitch, in a browser environment at least.
More information about the Es-discuss