<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
Yes, I think the time has come to table the ES3+ materials.<br>
It has been discussed on and off since April. Do you have something
that describes this proposal in a material way?<br>
How can people evaluate ES4 vs ES3+ if ES3+ is unknown and unspecified?<br>
Yehuda Katz wrote:
<div>What specifically would you do in ES3+ to improve this situation?</div>
<div><span class="gmail_quote">On 10/30/07, <b
class="gmail_sendername">Douglas Crockford</b> <<a
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">>
Brenden is also correct: If the working group voted and<br>
> the current<br>
> proposal won - it is better to have a stronger, more secure<br>
> Sure they can argue it is bloated, but SO WHAT?
The proposal is not a more secure language. It does nothing to address
ECMAScript's biggest design flaw: the insecurity caused its dependence
on a global object. XSS attacks are a direct consequence of this flaw.
By making the language more complex, this problem becomes even harder
to reason about and fix.
I have been bringing this up since my first day in the working group.
This is not a concern that is being sprung at the last minute.<br>
The working group hasn't voted. The proposal has not won. We have
agreed to disagree, developing two competing proposals in the same
working group. I am pursuing with Microsoft a counter proposal for a
simpler, reliable remedy to real problems. My position isn't that
how we fix it. Bloat, in my view, is not good design.
Es4-discuss mailing list<br>
<a moz-do-not-send="true" href="mailto:Es4firstname.lastname@example.org">Es4email@example.com</a><br>
Web Developer | Procore Technologies<br>
<hr size="4" width="90%">
Es4-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Es4firstname.lastname@example.org">Es4email@example.com</a>
<a class="moz-txt-link-freetext" href="https://mail.mozilla.org/listinfo/es4-discuss">https://mail.mozilla.org/listinfo/es4-discuss</a>