AST in JSON format

David-Sarah Hopwood david-sarah at
Mon Dec 7 20:57:46 PST 2009

Kevin Curtis wrote:
> David-Sarah,
> Jacaranda is - I think - a DSL which is not a subset of JS.

No, it's a subset of JS (like most of the other languages mentioned --
Caja/Cajita, FBJS, ADsafe etc.)

> How do you anticipate jacaranda programs being delivered to the browser.

 - verify on the server/proxy, and deliver the verified program as-is
   (with the Jacaranda runtime library), or
 - tag the program as Jacaranda and have a browser add-on verify it
   before execution.

The value of the AST format here would be in potentially *greatly*
simplifying some future version of the verifier, by allowing an
existing parser to be reused.

That would however depend on an assessment of whether browser
implementors had succeeded in implementing secure and correct
ES5->AST parsers (with a mode that accepts exactly ES5 as specified,
not ES5 plus undocumented cruft and short-cuts for edge cases).

David-Sarah Hopwood  ⚥

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the es-discuss mailing list