brendan at mozilla.com
Wed Aug 17 18:14:37 PDT 2011
On Aug 17, 2011, at 4:39 PM, Brendan Eich wrote:
> On Aug 17, 2011, at 4:25 PM, John J Barton wrote:
>> On Wed, Aug 17, 2011 at 4:15 PM, Brendan Eich <brendan at mozilla.com> wrote:
>>> Mozilla has evalInSandbox built-ins.
>> Unfortunately I have quite a lot of experience with evalInSandbox.
> If you mean Firebug vs. evalInSandbox, if I recall correctly, the problem is that a debugger doesn't want as much isolation as the security use-cases that motivated evalInSandbox want. Is that right?
From corresponding with John, this seems like a combo of out of date MDC docs on evalInSandbox (it uses proxy-based membranes aggressively for security, but the docs predate that), and the common line number problem with all eval variants, where multiple lines in the eval'ed source do not have usable line numbers:
We have discussed various fixes to propagate accurate, invertible source coordinates through nested evals in bugzilla bugs in the past. Firebug has tried crypto-hashing source strings, IIRC. Does anyone have a solid solution?
More information about the es-discuss