"no strict"; directive

Andrea Giammarchi andrea.giammarchi at gmail.com
Fri Nov 16 15:28:53 PST 2012


Mark, who said that's different ? Why SES solves this and evaluation in the
global scope does not consider the "use strict" directive?

This is good news if known, it's a won't fix then: might be useful


On Fri, Nov 16, 2012 at 3:25 PM, Mark S. Miller <erights at google.com> wrote:

> How does Function('return this;') differ from (1,eval)('this') ? In both
> cases, if Function/eval is the original one, it executes its arguments
> non-strictly. This is unfortunate but all the alternatives were worse. SES
> replaces both Function and eval with safe variants that (among other
> things) enforce that the argument is executed as strict code.
>
>
> On Fri, Nov 16, 2012 at 3:19 PM, Andrea Giammarchi <
> andrea.giammarchi at gmail.com> wrote:
>
>> back in the topic ... about evaluation: Function('return this')();
>> returns the global object with or without use strict around. This is
>> actually nice, since this one was a security problem introduced when
>> somebody decided that `this` without an explicit context should have been
>> undefined. Now it is possible to retrieve the global object as long as
>> Function is the original constructor.
>> Said that, I believe this is a bug in every browser. (Webkit, FF, Chrome
>> suffering)
>>
>> Please do not fix, thanks :-)
>>
>>
>> On Fri, Nov 16, 2012 at 2:50 PM, Andrea Giammarchi <
>> andrea.giammarchi at gmail.com> wrote:
>>
>>> love this answer, thanks!
>>>
>>>
>>> On Fri, Nov 16, 2012 at 2:47 PM, Jeff Walden <jwalden+es at mit.edu> wrote:
>>>
>>>> On 11/16/2012 02:37 PM, Andrea Giammarchi wrote:
>>>> > what I am saying: arguments won't disappear in 5+ years, neither will
>>>> caller ... is my crystal ball correct?
>>>>
>>>> It's not necessary for these things to disappear completely for us to
>>>> derive value from these decisions.  It's only necessary for good code, that
>>>> wants to be performant, to not use them.
>>>>
>>>> Jeff
>>>>
>>>
>>>
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>>
>
>
> --
>     Cheers,
>     --MarkM
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20121116/488e23bb/attachment-0001.html>


More information about the es-discuss mailing list