Error stack

Brendan Eich brendan at
Mon Jun 11 16:38:57 PDT 2012

Mark S. Miller wrote:
> On Tue, Jun 12, 2012 at 7:12 AM, Brendan Eich<brendan at>  wrote:
>> Your point about not violating "use strict" or elaborating too much is good,
>> but I want to push back on one thing: local vars may be a bridge too far,
>> especially with optimizing JITs, block-scoped let bindings, etc. Making
>> arguments available is easier.
> Revealing secrets passed in arguments? C'mon.

I know, but see below.

Also, as you pointed out, even error.stack leaks information. Where do 
you draw the line?

>   Making arguments *generally* available would be fatal.

I think Charles was arguing that anyone keeping secrets would need "use 
strict" to protect those secrets anyway, because otherwise 
arguments.caller.arguments[i] (given non-strict caller and callee) can 
get them.

>   That's why you need something
> like the getStack function I suggested earlier: debugging info is
> accessed only by rights amplification, and the amplifier is not made
> generally available.

This is a good argument for Error.getStack(errObj), indeed.


More information about the es-discuss mailing list