new function syntax and poison pill methods

David Bruant bruant.d at
Sun Oct 28 01:59:50 PDT 2012

On 27/10/2012 00:59, Mark S. Miller wrote:
> On Fri, Oct 26, 2012 at 3:45 PM, David Bruant <bruant.d at
> <mailto:bruant.d at>> wrote:
>     On 27/10/2012 00:23, Kevin Reid wrote:
>>     How about: there must be no /nonstandard non-configurable
>>     properties/ of standard objects.
> Good. This agrees with
> <>. 
>>     This directly implies “SES can do its job of deleting everything
>>     not whitelisted”, and does not rely on the spec blacklisting
>>     undesirable behaviors.
>     Interesting. I think there are two slightly different problems to
>     solve:
>     1) Make applications written in the language securable
>     2) Make applications written in the language not insecure
>     ES5 strict mode, by poison-pilling .caller and .arguments and by
>     fixing dynamic scoping features took in the direction of making
>     the language not insecure by default.
> Did you mean "not insecurable by default"? ES5 strict by itself is
> certainly far from secure (or "not insecure"). But because of poison
> pills and such, ES5 is securable.
I meant "not insecure by default" when I wrote it, but I agree "not
insecurable by default" is more correct.

>     The addition of Object.freeze and a couple of other things went in
>     the direction of making the applications securable.
>     I feel I was going for making the language not insecure with my
>     section 2 refinement, but I guess which is better really depends
>     on the danger provided by the non-standard capability.
>     I guess there is a case for both. Maybe the refinement I proposed
>     could fall into 2 subsections: one for "don't ever add this kind
>     of capability to the language or you're putting users at risk" and
>     another for "if you add this kind of capability, make sure it's
>     securable" (non-configurable I assume for most cases).
> Did you mean "configurable"?
Yes, of course, sorry about this very misleading typo.
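
Why the "configurable" correction matters for a delete-everything-not-whitelisted sweep, together with the ES5 strict `.caller` poison pill, as an added example (not code from this thread or from SES). The object, the property names `vendorPeek` and `vendorPinned`, and the whitelist are constructed stand-ins for a standard object carrying nonstandard extensions.

```javascript
// Constructed stand-in for a "standard object" that an engine has extended.
function makeFakeStandardObject() {
  const obj = { slice() {}, map() {} };            // pretend these are standard
  Object.defineProperty(obj, 'vendorPeek', {       // nonstandard but configurable
    value: () => 'extra capability', configurable: true, writable: true
  });
  Object.defineProperty(obj, 'vendorPinned', {     // nonstandard, non-configurable
    value: () => 'extra capability', configurable: false, writable: false
  });
  return obj;
}

// Report nonstandard non-configurable own properties: violations of the rule
// "no nonstandard non-configurable properties of standard objects".
function audit(obj, whitelist) {
  return Reflect.ownKeys(obj).filter((key) =>
    !whitelist.has(key) &&
    !Object.getOwnPropertyDescriptor(obj, key).configurable);
}

// Whitelist sweep: delete every own property that is not whitelisted.
// Reflect.deleteProperty returns false instead of throwing when it cannot delete.
function sweep(obj, whitelist) {
  const stuck = [];
  for (const key of Reflect.ownKeys(obj)) {
    if (whitelist.has(key)) continue;
    if (!Reflect.deleteProperty(obj, key)) stuck.push(key);
  }
  return stuck; // anything listed here survived the sweep
}

// Poison pill: reading .caller on a strict function throws a TypeError.
function callerIsPoisoned() {
  function strictFn() { 'use strict'; }
  try {
    void strictFn.caller;
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

const whitelist = new Set(['slice', 'map']);
const target = makeFakeStandardObject();
console.log('rule violations:', audit(target, whitelist));
console.log('survived sweep :', sweep(target, whitelist));
console.log('caller poisoned:', callerIsPoisoned());
```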
