Loading ...
Sorry, an error occurred while loading the content.

167Re: ADsafe rules

Expand Messages
  • Douglas Crockford
    Apr 5, 2008
      I want .get and .set to work without blacklists. They are intended to
      get and set data members in objects. So that is all they will allow.
      They will not get or set function values. They will not manipulate
      functions. JavaScript's functions are mutable objects. I think that
      was a mistake.

      Some of the member restrictions are motivated by obvious attacks
      (apply, call, eval, prototype, watch). Some are to prevent rights
      amplification even in cases where that does not lead to known exploits
      (callee, caller, constructor, unwatch). Some are because they make me
      nervous (valueOf).
    • Show all 13 messages in this topic