"no strict"; directive
Mark S. Miller
erights at google.com
Fri Nov 16 15:25:48 PST 2012
How does Function('return this;') differ from (1,eval)('this') ? In both
cases, if Function/eval is the original one, it executes its arguments
non-strictly. This is unfortunate but all the alternatives were worse. SES
replaces both Function and eval with safe variants that (among other
things) enforce that the argument is executed as strict code.
On Fri, Nov 16, 2012 at 3:19 PM, Andrea Giammarchi <
andrea.giammarchi at gmail.com> wrote:
> back in the topic ... about evaluation: Function('return this')(); returns
> the global object with or without use strict around. This is actually nice,
> since this one was a security problem introduced when somebody decided that
> `this` without an explicit context should have been undefined. Now it is
> possible to retrieve the global object as long as Function is the original
> Said that, I believe this is a bug in every browser. (Webkit, FF, Chrome
> Please do not fix, thanks :-)
> On Fri, Nov 16, 2012 at 2:50 PM, Andrea Giammarchi <
> andrea.giammarchi at gmail.com> wrote:
>> love this answer, thanks!
>> On Fri, Nov 16, 2012 at 2:47 PM, Jeff Walden <jwalden+es at mit.edu> wrote:
>>> On 11/16/2012 02:37 PM, Andrea Giammarchi wrote:
>>> > what I am saying: arguments won't disappear in 5+ years, neither will caller ... is my crystal ball correct?
>>> It's not necessary for these things to disappear completely for us to
>>> derive value from these decisions. It's only necessary for good code, that
>>> wants to be performant, to not use them.
> es-discuss mailing list
> es-discuss at mozilla.org
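
The behaviour discussed in this message, as an added example that is not part of the original thread: a small audit that checks whether the `Function` and indirect `eval` in the current realm run their argument as non-strict code. `strictFunction` and `strictIndirectEval` are hypothetical names for simplified stand-ins that only prepend a "use strict" directive; they are an assumption for illustration and not SES's implementation, which does more than enforce strictness.

```javascript
// Probe source: in non-strict code a plain function call receives the
// global object as `this`; in strict code it receives undefined.
const PROBE = '(function () { return this; })()';

// True when run(src) executes src as non-strict (sloppy) code.
function runsSloppy(run) {
  return run(PROBE) === globalThis;
}

// The two original evaluators compared in the message.
const viaFunction = (src) => Function('return ' + src + ';')();
const viaIndirectEval = (src) => (1, eval)(src);

// Hypothetical stand-ins (assumption, not SES code): force a directive
// prologue so the argument is parsed and executed as strict code.
const strictFunction = (src) =>
  Function('"use strict"; return ' + src + ';')();
const strictIndirectEval = (src) => (1, eval)('"use strict"; ' + src);

function audit() {
  return {
    // Baseline: a strict function called without a receiver.
    strictCallerThis: (function () { 'use strict'; return this; })(),
    // The exact expressions from the thread.
    functionReturnThisIsGlobal: Function('return this;')() === globalThis,
    indirectEvalThisIsGlobal: (1, eval)('this') === globalThis,
    // Strictness of the code each evaluator runs.
    functionCtorSloppy: runsSloppy(viaFunction),
    indirectEvalSloppy: runsSloppy(viaIndirectEval),
    strictFunctionSloppy: runsSloppy(strictFunction),
    strictEvalSloppy: runsSloppy(strictIndirectEval),
    // With strictness enforced, 'return this' no longer yields the global.
    strictFunctionReturnThis: strictFunction('this'),
  };
}

console.log(audit());
```

Running the audit at startup, before any untrusted code is evaluated, shows whether the evaluators in that realm are still the original non-strict ones.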