charles at isomorphic.com
Mon Jun 11 19:14:11 PDT 2012
On Mon, Jun 11, 2012 at 5:55 PM, Mark S. Miller <erights at google.com> wrote:
> On Tue, Jun 12, 2012 at 7:59 AM, Charles Kendrick
> <charles at isomorphic.com> wrote:
>> I'm reading this as saying that stack traces in general should not be
>> available unless the code is privileged in some way. This can't be
>> what you mean, so could you clarify?
> That is exactly what I mean.
The only way I can see this working is if there is a way for a given
piece of code to trap an error and ask some kind of (elevated
privilege) logging system to provide diagnostic information that a
(privileged) end user can see. It also seems like, in addition to
this, you should be able to get to stack information programmatically
so long as you stay within your module or modules that have the same
This doesn't sound like something that could be reasonably
standardized into ECMAScript in the near future, and, without all
those pieces in place, it doesn't seem like ECMAScript should just
disallow the ability to get stack traces.
Brendan brought up SES - I know little about it, but for its sake I
hope this critical use case is taken into account.
On Mon, Jun 11, 2012 at 6:17 PM, Brendan Eich <brendan at mozilla.org> wrote:
> I thought so too, but Charles is arguing both (a) no worse than today (not better than today); (b) useful for people who prefer
> non-strict code and a more useful stack-tracing API in the core language.
Just to clarify, I prefer *some* of the ideas behind "use strict" and
in fact we built a subset of "use strict" into our in-house tools long
before JSLint existed.
But if it's going to impose a security boundary between my own methods
and reduce the utility of stack traces which are sometimes the only
thing you have to go on.. no thank you. That seems to me to conflate
useful error checking and security; there is overlap, but not 100%
overlap by any means.
More information about the es-discuss