<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Doug,<br>
<br>
Yes, I think the time has come to table the ES3+ materials.<br>
<br>
It has been discussed on and off since April. Do you have something
that describes this proposal in a material way?<br>
How can people evaluate ES4 vs ES3+ if ES3+ is unknown and unspecified?<br>
<br>
Michael<br>
<br>
Yehuda Katz wrote:
<blockquote
cite="mid:245fb4700710301713h1246cdccra7064cc3e0be3094@mail.gmail.com"
type="cite">Doug,
<div><br class="webkit-block-placeholder">
</div>
<div>What specifically would you do in ES3+ to improve this situation?</div>
<div><br class="webkit-block-placeholder">
</div>
<div>-- Yehuda<br>
<br>
<div><span class="gmail_quote">On 10/30/07, <b
class="gmail_sendername">Douglas Crockford</b> &lt;<a
moz-do-not-send="true" href="mailto:douglas@crockford.com">douglas@crockford.com</a>&gt;
wrote:</span>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">&gt;
Brenden is also correct: If the working group voted and
the current proposal won - it is better to have a stronger, more secure
language.<br>
&gt; Sure they can argue it is bloated, but SO WHAT?
<br>
<br>
The proposal is not a more secure language. It does nothing to address
ECMAScript's biggest design flaw: the insecurity caused by its dependence
on a global object. XSS attacks are a direct consequence of this flaw.
By making the language more complex, this problem becomes even harder
to reason about and fix.
<br>
<br>
I have been bringing this up since my first day in the working group.
This is not a concern that is being sprung at the last minute.<br>
<br>
The working group hasn't voted. The proposal has not won. We have
agreed to disagree, developing two competing proposals in the same
working group. I am pursuing with Microsoft a counter proposal for a
simpler, reliable remedy to real problems. My position isn't that
JavaScript doesn't need fixing. I think we need to be more selective in
how we fix it. Bloat, in my view, is not good design.
<br>
_______________________________________________<br>
Es4-discuss mailing list<br>
<a moz-do-not-send="true" href="mailto:Es4-discuss@mozilla.org">Es4-discuss@mozilla.org</a><br>
<a moz-do-not-send="true"
href="https://mail.mozilla.org/listinfo/es4-discuss">https://mail.mozilla.org/listinfo/es4-discuss
</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Yehuda Katz<br>
Web Developer | Procore Technologies<br>
(ph) 718.877.1325
</div>
</blockquote>
</body>
</html>