238Re: [caplet] ADsafe
- Jul 17, 2008Douglas Crockford wrote:
> I added setExpression to the banned method list.This is a Microsoft DOM method
It's clearly unsafe, but AFAIK, it only has an effect on objects
that represent stylesheets or that have DHTML properties.
So, shouldn't it be made inaccessible by DOM taming rather than by
the method/property blacklist? It is unsafe to give direct access to
any DOM object, as demonstrated by this and many, many other browser
misfeatures. The blacklist is, as far as I understood the ADsafe
design, for properties that have a special meaning on arbitrary
objects or functions.
- << Previous post in topic Next post in topic >>