Another de-facto insecurity we need to fix in ES5

Allen Wirfs-Brock Allen.Wirfs-Brock at
Wed Jun 17 21:36:20 PDT 2009

>-----Original Message-----
>From: es-discuss-bounces at [mailto:es-discuss-
>Personally, I think leaving "distasteful" but cross-browser features
>like this out of the spec in the hopes that they will wither away from
>neglect is a poor approach. If browsers feel pressured to implement
>such extensions for Web compatibility then we are not doing anyone any
>favors by leaving them in the domain of mutual reverse-engineering. I
>would prefer to see such features explicitly specified (with suitable
>restrictions) or explicitly forbidden, and perhaps explicitly
>deprecate them with the plan for further limits or outright removal in
>future versions of the spec. But it seems too late to make big changes
>in this regard for ES5. Maybe in the next version.

TC39 provides a venue where I would hope we can do exactly this sort of work.  In addition to actually creating new editions of the standard, there's no reason we can't create and public roadmaps, deprecation plans, specifications for common extensions that are candidates for inclusion in future editions, recommendations for implementers, or whatever we think will be helpful in evolving the language in a way that will maximize interoperability. The main thing necessary for this to happen is a agreement among the members and a commitment from them (us...) to do the work to get it done.

I would think a good initial item would be a TC39 technical report that surveys common browser JavaScript extensions that were not adopted for ES5l, why they weren't, and what their prospects are for inclusion in future versions of the standard. My sense is that collectively we have a pretty good feel for this information and I think such a document could be an influential guide for both implementers and the more sophisticated developers who are most likely to propagate the use of these extensions.  I have a fairly up to date spreadsheet that inventories the Mozilla extensions that I'm aware of that we might use as a starting point.



More information about the es5-discuss mailing list