ES Native Mode proposal
vitteaymeric at gmail.com
Wed Sep 25 15:48:16 PDT 2013
It's not easy to freeze the world like Caja is doing, and it's not easy
to have a library that takes care of it securely, and the use case is
not always to use modules to have a fresh global.
Some years ago, doing widgets stuff inside web pages, I had a
"RestoreNativeVar" function restoring natives using strange hooks like
taking them from iframes (no comments...)
The issue is probably not TC39 only, but looking at W3C security groups
specs which apparently have some hard time defining something secure,
maybe SES concepts are coming late in the TC39 schedule, all new Web API
define more globals, this is usefull to have something that freezes the
entire global when you need it instead of hacking around.
Le 25/09/2013 23:50, David Bruant a écrit :
> Le 25/09/2013 17:41, Michaël Rouges a écrit :
>> Hi all,
>> Given the number of scripts from various sources that may be
>> contained in a web page, there may be prototypingconflicts.
> Be careful about what you include? To be proactive in that process,
> freeze all builtins beforehand. You'll know soon enough if something
> If you do want to enhance prototype, isolate this code and run it
> before freezing builtins.
> The module loader API has something close to what you ask:
> es-discuss mailing list
> es-discuss at mozilla.org
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
More information about the es-discuss