brendan at mozilla.org
Mon Jun 11 16:38:57 PDT 2012
Mark S. Miller wrote:
> On Tue, Jun 12, 2012 at 7:12 AM, Brendan Eich<brendan at mozilla.org> wrote:
>> Your point about not violating "use strict" or elaborating too much is good,
>> but I want to push back on one thing: local vars may be a bridge too far,
>> especially with optimizing JITs, block-scoped let bindings, etc. Making
>> arguments available is easier.
> Revealing secrets passed in arguments? C'mon.
I know, but see below.
Also, as you pointed out, even error.stack leaks information. Where do
you draw the line?
> Making arguments *generally* available would be fatal.
I think Charles was arguing that anyone keeping secrets would need "use
strict" to protect those secrets anyway, because otherwise
arguments.caller.arguments[i] (given non-strict caller and callee) can
> That's why you need something
> like the getStack function I suggested earlier: debugging info is
> accessed only by rights amplification, and the amplifier is not made
> generally available.
This is a good argument for Error.getStack(errObj), indeed.
More information about the es-discuss